{\rtf1\ansi\ansicpg1252\cocoartf1504\cocoasubrtf760
{\fonttbl\f0\fswiss\fcharset0 Helvetica;\f1\fnil\fcharset134 PingFangSC-Regular;\f2\froman\fcharset0 TimesNewRomanPSMT;
}
{\colortbl;\red255\green255\blue255;\red0\green0\blue255;\red255\green0\blue0;}
{\*\expandedcolortbl;;\csgenericrgb\c0\c0\c100000;\csgenericrgb\c100000\c0\c0;}
{\info
{\title elf\uc0\u21160 \u24577 \u35299 \u26512 \u31526 \u21495 \u36807 \u31243 (\u20462 \u35746 \u29256 )(WSS-Articles-02001) }
{\author lz}
{\*\company clone}}\paperw12240\paperh15840\margl663\margr663\vieww24240\viewh12680\viewkind0
\deftab720
\pard\pardeftab720\ri0\partightenfactor0

\f0\fs28 \cf0 \expnd0\expndtw0\kerning0
elf
\f1 \'b6\'af\'cc\'ac\'bd\'e2\'ce\'f6\'b7\'fb\'ba\'c5\'b9\'fd\'b3\'cc
\f0 (
\f1 \'d0\'de\'b6\'a9\'b0\'e6
\f0 )(WSS-Articles-02001) \
\
Author: alert7 \
Email: alert7@whitecell.org \
Homepage:http://www.whitecell.org \
Date: 2002-01-10 \
\
\

\f1 \'a1\'ef\'a1\'ef
\f0  
\f1 \'c7\'b0\'d1\'d4
\f0  \
\

\f1 \'b1\'be\'c6\'aa\'ce\'c4\'d5\'c2\'d2\'d4
\f0 linux
\f1 \'ce\'aa\'c6\'bd\'cc\'a8\'ce\'aa\'c0\'fd\'a3\'ac\'d1\'dd\'ca\'be
\f0 elf
\f1 \'b6\'af\'cc\'ac\'bd\'e2\'ce\'f6\'b7\'fb\'ba\'c5\'b5\'c4\'b9\'fd\'b3\'cc\'a1\'a3
\f0  
\f1 \'b2\'bb\'d5\'fd\'d6\'ae\'b4\'a6\'a3\'ac\'bb\'b9\'c7\'eb\'b8\'ab\'d5\'fd\'a1\'a3
\f0  \
\

\f1 \'cd\'a8\'b3\'a3\'a3\'ac
\f0 elf
\f1 \'bd\'e2\'ce\'f6\'b7\'fb\'ba\'c5\'b7\'bd\'ca\'bd\'ca\'c7\'d3\'c3\'b3\'c6\'ce\'aa
\f0 lazy MODE
\f1 \'d7\'b0\'d4\'d8\'b5\'c4\'a1\'a3\'d5\'e2\'d6\'d6\'d7\'b0\'d4\'d8\'bc\'bc\'ca\'f5\'ca\'c7
\f0 linux
\f1 \'c6\'bd\'cc\'a8\'c9\'cf
\f0  
\f1 \'c4\'ac\'c8\'cf\'b5\'c4\'b7\'bd\'ca\'bd\'a1\'a3\'d4\'da\'b2\'bb\'cd\'ac\'b5\'c4\'d3\'b2\'bc\'fe\'cc\'e5\'cf\'b5\'c6\'bd\'cc\'a8\'c9\'cf\'ca\'b5\'cf\'d6\'d5\'e2\'d6\'d6\'bb\'fa\'d6\'c6\'d2\'b2\'ca\'c7\'b2\'bb\'cd\'ac\'b5\'c4\'a1\'a3\'b5\'ab\'ca\'c7
\f0 i386
\f1 \'ba\'cd
\f0 SPARC 
\f1 \'d4\'da\'b4\'f3\'b2\'bf\'b7\'d6\'c9\'cf\'ca\'c7\'cf\'e0\'cd\'ac\'b5\'c4\'a1\'a3
\f0  \
\

\f1 \'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'a3\'a8
\f0 rtld
\f1 \'a3\'a9\'c9\'ed\'bc\'e6\'b6\'e0\'d6\'b0\'a3\'ac\'cc\'e1\'b9\'a9\cf2 \'b7\'fb\'ba\'c5\'b5\'c4\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\cf0 \'a3\'ac\cf2 \'d7\'b0\'d4\'d8\'b9\'b2\'cf\'ed
\f0 object
\f1 \'ce\'c4\'bc\'fe\cf0 \'ba\'cd\cf2 \'bd\'e2\'ce\'f6\'b7\'fb\'ba\'c5\'d2\'fd\'d3\'c3\cf0 \'a1\'a3\'cd\'a8\'b3\'a3\'ca\'c7
\f0 \cf2 /lib/ld-linux.so\cf0 ,rtld
\f1 \'ce\'c4\'bc\'fe\'b1\'be\'c9\'ed\'bf\'c9\'d2\'d4\'ca\'c7\'d2\'bb\'b8\'f6\'b9\'b2\'cf\'ed
\f0 object
\f1 \'d2\'b2\'bf\'c9\'d2\'d4\'ca\'c7\'b8\'f6\'bf\'c9\'d6\'b4\'d0\'d0\'b5\'c4\'ce\'c4\'bc\'fe\'a1\'a3
\f0  \
\pard\pardeftab720\ri0\partightenfactor0
\cf3 (# 
\f1 \'b4\'f3\'d6\'c2\'b6\'d4\'d3\'a6\'b9\'d8\'cf\'b5\'a3\'ba\'bf\'c9\'d6\'b4\'d0\'d0\'ce\'c4\'bc\'fe\'a3\'ba
\f0 *.exe
\f1 \'a3\'bb\'bf\'c9\'b9\'b2\'cf\'ed\'ce\'c4\'bc\'fe\'a3\'ba
\f0 *.so
\f1 \'a3\'bb\'bf\'c9\'d6\'d8\'b6\'a8\'ce\'bb\'ce\'c4\'bc\'fe\'a3\'ba
\f0 *.o)
\f2 \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'a1\'ef\'a1\'ef
\f0  
\f1 \'b7\'fb\'ba\'c5\'b1\'ed
\f0 (symbol table) 
\f2 \

\f1 \'c3\'bf\'b8\'f6
\f0 object
\f1 \'d2\'aa\'cf\'eb\'ca\'b9\'cb\'fc\'b6\'d4\'c6\'e4\'cb\'fb\'b5\'c4
\f0 elf
\f1 \'ce\'c4\'bc\'fe\'bf\'c9\'d3\'c3\'a3\'ac\'be\'cd\'d2\'aa\'d3\'c3\'b5\'bd\'b7\'fb\'ba\'c5\'b1\'ed
\f0 (symbol table)
\f1 \'d6\'d0\'b5\'c4
\f0 symbol entry
\f1 \'a1\'a3\'ca\'c2\'ca\'b5\'c9\'cf\'a3\'ac\'d2\'bb\'b8\'f6
\f0 symbol entry 
\f1 \'ca\'c7\'b8\'f6
\f0 symbol
\f1 \'bd\'e1\'b9\'b9\'a3\'ac\'cb\'fc\'c3\'e8\'ca\'f6\'c1\'cb\'d5\'e2\'b8\'f6
\f0 symbol
\f1 \'b5\'c4\'c3\'fb\'d7\'d6\'ba\'cd\'b8\'c3
\f0 symbol
\f1 \'b5\'c4
\f0 value
\f1 \'a1\'a3
\f2 \

\f0 (# 
\f1 \'b7\'fb\'ba\'c5\'b1\'ed
\f0 symbol table
\f1 \'b5\'c4\'d6\'d8\'d2\'aa\'d7\'f7\'d3\'c3\'d6\'ae\'d2\'bb\'ca\'c7\'ce\'aa\'c1\'cb\'d4\'da\'b6\'e0\'b8\'f6
\f0 elf
\f1 \'ce\'c4\'bc\'fe\'d6\'ae\'bc\'e4\'b9\'b2\'cf\'ed\'b7\'fb\'ba\'c5\'a3\'ac
\f0 object A 
\f1 \'b0\'d1\'cb\'fc\'b5\'c4\'b7\'fb\'ba\'c5\'d0\'b4\'d4\'da\'cb\'fc\'d7\'d4\'bc\'ba\'b5\'c4\'b7\'fb\'ba\'c5\'b1\'ed\'c0\'ef\'a3\'ac\'b2\'a2
\f0 export
\f1 \'b3\'f6\'c0\'b4\'a3\'ac\'d4\'f2
\f0 object B
\f1 \'be\'cd\'bf\'c9\'d2\'d4\'b2\'e9
\f0 object A
\f1 \'b5\'c4\'b7\'fb\'ba\'c5\'b1\'ed\'a3\'ac\'ca\'b9\'d3\'c3
\f0 object A
\f1 \'d6\'d0\'b5\'c4\'b7\'fb\'ba\'c5
\f0 )
\f2 \
\

\f0 symbol name 
\f1 \'b1\'bb\'b1\'e0\'c2\'eb\'d7\'f7\'ce\'aa
\f0 dynamic string table
\f1 \'b5\'c4
\f0 index
\f1 \'a3\'bb
\f2 \

\f0 symbol value 
\f1 \'ca\'c7\'b8\'c3
\f0 symbol
\f1 \'d4\'da
\f0 object
\f1 \'ce\'c4\'bc\'fe\'c4\'da\'b5\'c4\'b5\'d8\'d6\'b7\'a1\'a3\'b5\'b1\'ce\'c4\'bc\'fe\'bc\'d3\'d4\'d8\'bd\'f8\'c4\'da\'b4\'e6\'ca\'b1\'a3\'ac\'b8\'c3\'b5\'d8\'d6\'b7\'cd\'a8\'b3\'a3\'d0\'e8\'d2\'aa\'b1\'bb\'d6\'d8\'d0\'c2\'b6\'a8\'ce\'bb
\f0 (
\f1 \'d0\'e8\'d2\'aa\'bc\'d3\'c9\'cf\'b8\'c3
\f0 object
\f1 \'d7\'b0\'d4\'d8\'b5\'bd\'c4\'da\'b4\'e6\'b5\'c4\'bb\'f9\'b5\'d8\'d6\'b7
\f0 (base load address))
\f1 \'a3\'ac\'b4\'d3\'b6\'f8\'b9\'b9\'b3\'c9\'b8\'c3
\f0 symbol
\f1 \'d4\'da\'c4\'da\'b4\'e6\'d6\'d0\'b5\'c4\'be\'f8\'b6\'d4\'b5\'d8\'d6\'b7\'a3\'bb
\f2 \
\

\f1 \'d2\'bb\'b8\'f6\'b7\'fb\'ba\'c5\'b1\'ed\'b1\'ed\'cf\'ee
\f0 (symbol entry)
\f1 \'d3\'d0\'c8\'e7\'cf\'c2\'b5\'c4\'b8\'f1\'ca\'bd\'a3\'ba
\f2 \

\f0 typedef struct \
\{ \
\pard\pardeftab720\fi720\ri0\partightenfactor0
\cf0 elf32_Word st_name;           /* Symbol name (string tbl index) */ \
elf32_Addr st_value;          /* Symbol value */ \
elf32_Word st_size;           /* Symbol size */ \
unsigned char st_info;        /* Symbol type and binding */ \
unsigned char st_other;       /* No defined meaning, 0 */ \
elf32_Section st_shndx;       /* Section index */ \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \}
\f0  elf32_Sym; \
\
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'bf\'c9\'d6\'b4\'d0\'d0\'ce\'c4\'bc\'fe\'d6\'aa\'b5\'c0\'d4\'cb\'d0\'d0\'ca\'b1\'bf\'cc
\f0  
\f1 \'b7\'fb\'ba\'c5\'b5\'c4\'b5\'d8\'d6\'b7\'a3\'ac\'cb\'f9\'d2\'d4\'bf\'c9\'d6\'b4\'d0\'d0\'ce\'c4\'bc\'fe\'c4\'da\'b2\'bf\'b5\'c4\'d2\'fd\'d3\'c3\'b5\'c4\'b7\'fb\'ba\'c5
\f0 (
\f1 \'be\'d6\'b2\'bf\'b1\'e4\'c1\'bf
\f0 )
\f1 \'d4\'da\'b1\'e0\'d2\'eb
\f0 +
\f1 \'c1\'ac\'bd\'d3\'b5\'c4\'ca\'b1\'ba\'f2\'be\'cd\'d2\'d1\'be\'ad\'b1\'bb\'d6\'d8\'b6\'a8\'ce\'bb\'c1\'cb\'a1\'a3
\f0 (
\f1 \'c8\'ab\'be\'d6\'b7\'fb\'ba\'c5\'d3\'c9\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'d4\'da\'bc\'d3\'d4\'d8\'ce\'c4\'bc\'fe\'bd\'f8\'c4\'da\'b4\'e6\'ca\'b1\'d6\'d8\'b6\'a8\'ce\'bb
\f0 )
\f1 \'a1\'a3
\f0  \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'a1\'ef\'a1\'ef
\f0  GOT
\f1 \'a3\'a8
\f0 global offset table
\f1 \'a3\'a9
\f0  \
\
GOT
\f1 \'ca\'c7\'d2\'bb\'b8\'f6\'ca\'fd\'d7\'e9\'a3\'ac\'b4\'e6\'b7\'c5\'d4\'da
\f0 elf image
\f1 \'b5\'c4\'ca\'fd\'be\'dd\'b6\'ce
\f0 (segment)
\f1 \'d6\'d0\'a3\'ac\'cb\'fb\'c3\'c7\'ca\'c7\'d2\'bb\'d0\'a9\'d6\'b8\'cf\'f2
\f0 objects
\f1 \'b5\'c4\'d6\'b8\'d5\'eb\'a1\'a3\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'bd\'ab\'ce\'c4\'bc\'fe\'bc\'d3\'d4\'d8\'bd\'f8\'c4\'da\'b4\'e6\'ca\'b1\'a3\'ac\'bd\'ab\'d6\'d8\'d0\'c2\'d0\'de\'b8\'c4
\f0  
\f1 \'c4\'c7\'d0\'a9\cf3 \'b1\'e0\'d2\'eb
\f0 +
\f1 \'c1\'ac\'bd\'d3\'ca\'b1\cf0 \'c3\'bb\'d3\'d0\'b1\'bb\'c8\'b7\'b6\'a8\'cf\'c2\'c0\'b4\'be\'f8\'b6\'d4\'b5\'d8\'d6\'b7\'b5\'c4\'b7\'fb\'ba\'c5
\f0  
\f1 \'cb\'f9\'b6\'d4\'d3\'a6\'b5\'c4
\f0 GOT
\f1 \'b1\'ed\'cf\'ee\'a1\'a3\'cb\'f9\'d2\'d4\'cb\'b5
\f0 GOT
\f1 \'d4\'da
\f0 i386
\f1 \'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'d6\'d0\'b0\'e7\'d1\'dd\'d7\'c5\'d6\'d8\'d2\'aa\'b5\'c4\'bd\'c7\'c9\'ab\'a1\'a3
\f0  \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'a1\'ef\'a1\'ef
\f0  PLT
\f1 \'a3\'a8
\f0 procedure linkage table
\f1 \'a3\'a9
\f0  \
PLT
\f1 \'ca\'c7\'d5\'e2\'d1\'f9\'b5\'c4\'d2\'bb\'b8\'f6\'bd\'e1\'b9\'b9\'a3\'ac\'cb\'fc\'b5\'c4
\f0 entries
\f1 \'b0\'fc\'ba\'ac\'c1\'cb\'d2\'bb\'d0\'a9\'b4\'fa\'c2\'eb\'c6\'ac\'b6\'ce
\f0 (
\f1 \'cd\'a8\'b3\'a3\'ca\'c7\'a3\'ba\'bc\'b8\'be\'e4\'bf\'d8\'d6\'c6\'cc\'f8\'d7\'aa\'b5\'c4\'bb\'e3\'b1\'e0\'d6\'b8\'c1\'ee
\f0 )
\f1 \'d3\'c3\'c0\'b4\'b0\'d1\'bf\'d8\'d6\'c6\'c8\'a8\'cc\'f8\'d7\'aa\'b5\'bd\'c6\'e4\'cb\'fb\'b4\'a6\'c0\'ed\'b9\'fd\'b3\'cc\'a1\'a3
\f2 \

\f1 \'d4\'da
\f0 i386
\f1 \'cc\'e5\'cf\'b5\'cf\'c2\'a3\'ac
\f0 PLT
\f1 \'ba\'cd\'cb\'fb\'b5\'c4\'b4\'fa\'c2\'eb\'c6\'ac\'b6\'ce
\f0 entries
\f1 \'d3\'d0\'c8\'e7\'cf\'c2\'b8\'f1\'ca\'bd\'a3\'ba
\f0  \
\
PLT0: \
push GOT[1] ; word of identifying information    # link_map 
\f1 \'bd\'e1\'b9\'b9
\f0   /usr/include/link.h 
\f1 \'d6\'d0\'b6\'a8\'d2\'e5
\f2 \

\f0 jmp GOT[2] ; pointer to rtld function nop        # 
\f1 \'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'a3\'a8
\f0 rtld
\f1 \'a3\'a9\'b4\'fa\'c2\'eb\'b5\'c4\'c8\'eb\'bf\'da\'b5\'d8\'d6\'b7
\f2 \
\

\f0 ... \
\
PLTn: \
jmp GOT[x + n] ; GOT offset of symbol address \
push n ; relocation offset of symbol \
jmp PLT0 ; call the rtld
\f2 \
\

\f0 PLTn + 1: \
jmp GOT[x +n +1]; GOT offset of symbol address \
push n +1 ; relocation offset of symbol \
jmp PLT0 ; call the rtld
\f2 \
\

\f1 \'b5\'b1\'cf\'b5\'cd\'b3\'b0\'d1\'bf\'d8\'d6\'c6\'b4\'ab\'b5\'dd\'b5\'bd\'d2\'bb\'b8\'f6\cf3 \'cd\'e2\'b2\'bf\'b5\'c4\'ba\'af\'ca\'fd
\f0 (
\f1 \'b1\'c8\'c8\'e7\'a3\'ba\'c8\'ab\'be\'d6\'ba\'af\'ca\'fd
\f0 printf)
\f1 \cf0 \'ca\'b1\'a3\'ac\'cb\'fc\'cc\'f8\'d7\'aa\'b5\'bd\'b8\'fa\'b8\'c3\'b7\'fb\'ba\'c5\'c3\'fb\'d7\'d6
\f0 (printf)
\f1 \'cf\'e0\'b9\'d8\'c1\'aa\'b5\'c4\'c4\'c7\'b8\'f6
\f0 PLT entry 
\f1 \'b4\'a6\'d6\'b4\'d0\'d0
\f0 (# 
\f1 \'b1\'c8\'c8\'e7\'b5\'f7\'d3\'c3\'cd\'e2\'b2\'bf\'b6\'a8\'d2\'e5\'b5\'c4\'c8\'ab\'be\'d6\'ba\'af\'ca\'fd
\f0 printf
\f1 \'a3\'ac
\f0 elf
\f1 \'ce\'c4\'bc\'fe\'d6\'d0\'bc\'c7\'d4\'d8\'b5\'c4
\f0 printf
\f1 \'b7\'fb\'ba\'c5\'b5\'c4\'b5\'d8\'d6\'b7\'b2\'a2\'b7\'c7\'cb\'fc\'b5\'c4\'d5\'e6\'ca\'b5\'b5\'d8\'d6\'b7\'a3\'ac\'b6\'f8\'ca\'c7
\f0 printf
\f1 \'b6\'d4\'d3\'a6\'b5\'c4
\f0 PLT entry
\f1 \'b5\'c4\'b5\'d8\'d6\'b7\'a1\'a3\'b8\'c3
\f0 PLT entry
\f1 \'ca\'c7\'d4\'da\'b1\'e0\'d2\'eb\'b5\'c4\'ca\'b1\'ba\'f2\'d3\'c9\'c1\'ac\'bd\'d3\'c6\'f7\'bc\'c6\'cb\'e3\'c9\'fa\'b3\'c9\'b5\'c4
\f0 )
\f1 \'a1\'a3\'bc\'d9\'c9\'e8\'ca\'c7\'cc\'f8\'d7\'aa\'b5\'bd
\f0 PLTn
\f1 \'b4\'a6\'a3\'ac\'bf\'aa\'ca\'bc\'d6\'b4\'d0\'d0\'c6\'e4\'d6\'d0\'b0\'fc\'ba\'ac\'b5\'c4\'b4\'fa\'c2\'eb\'c6\'ac\'b6\'ce\'a1\'a3\'d6\'b4\'d0\'d0
\f0 PLTn
\f1 \'d6\'d0\'b5\'c4\'b5\'da\'d2\'bb\'cc\'f5\'d6\'b8\'c1\'ee
\f0 :jmp GOT[x + n] 
\f1 \'bd\'ab
\f0 jump
\f1 \'b5\'bd
\f0 GOT
\f1 \'b1\'ed\'c0\'ef
\f0 [x + n] 
\f1 \'cf\'ee\'c4\'bf\'d6\'d0\'b0\'fc\'ba\'ac\'b5\'c4\'b5\'d8\'d6\'b7\'b4\'a6\'d6\'b4\'d0\'d0\'a3\'bb
\f2 \'93
\f1 \'b7\'fb\'ba\'c5
\f2 \'94
\f1 \'b1\'bb\'bd\'e2\'ce\'f6\'d6\'ae\'c7\'b0\'a3\'ac
\f0 GOT[x + n]
\f1 \'cf\'ee\'c4\'bf\'d6\'d0\'c6\'f0\'b3\'f5\'b4\'e6\'b7\'c5\'d7\'c5\'b5\'c4\'ca\'c7
\f0 PLTn
\f1 \'d6\'d0\'b5\'c4\'b5\'da\'b6\'fe\'cc\'f5\'d6\'b8\'c1\'ee
\f0 :push n 
\f1 \'b5\'c4\'b5\'d8\'d6\'b7\'a3\'ac\'d3\'da\'ca\'c7\'bc\'cc\'d0\'f8\'d6\'b4\'d0\'d0
\f0 push n
\f1 \'a3\'ac\'b0\'d1\'b7\'fb\'ba\'c5
\f0 (printf) 
\f1 \'d4\'da\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed
\f0 .rel.plt
\f1 \'c0\'ef\'cb\'f9\'b6\'d4\'d3\'a6\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'cf\'ee\'c4\'bf\'b5\'c4\'c6\'ab\'d2\'c6\'c1\'bf
\f0 n 
\f1 \'d1\'b9\'c8\'eb\'b5\'bd\'b6\'d1\'d5\'bb\'a3\'ac\'c8\'bb\'ba\'f3\'d6\'b4\'d0\'d0\'cf\'c2\'d2\'bb\'cc\'f5\'d6\'b8\'c1\'ee\'a3\'ba
\f0 jmp PLT0 
\f1 \'b0\'d1\'bf\'d8\'d6\'c6\'c8\'a8\'b4\'ab\'b5\'dd\'b5\'bd
\f0 PLT[0]
\f1 \'b5\'d8\'d6\'b7\'b4\'a6\'a1\'a3
\f0 PLT[0]
\f1 \'d6\'d0\'b0\'fc\'ba\'ac\'c1\'cb\'b5\'f7\'d3\'c3
\f0 rtld
\f1 \'b7\'fb\'ba\'c5\'bd\'e2\'ce\'f6\'ba\'af\'ca\'fd\'b5\'c4\'b4\'fa\'c2\'eb\'a3\'ac\'b3\'cc\'d0\'f2\'b6\'af\'cc\'ac\'bc\'d3\'d4\'d8\'bd\'f8\'c8\'eb\'c4\'da\'b4\'e6\'ca\'b1\'a3\'ac
\f0 rtld
\f1 \'ba\'af\'ca\'fd\'b5\'d8\'d6\'b7\'bb\'e1\'b1\'bb\'cc\'e1\'c7\'b0\'b7\'c5\'bd\'f8\'b3\'cc\'d0\'f2\'c4\'da\'b4\'e6\'d3\'b3\'cf\'f1\'d6\'d0\'b5\'c4
\f0 GOT[2]
\f1 \'c0\'ef\'a1\'a3
\f0  \
\
\pard\pardeftab720\ri0\qj\partightenfactor0

\f1 \cf0 \'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'a3\'a8
\f0 rtld
\f1 \'a3\'a9\'bd\'ab\'d5\'b9\'bf\'aa
\f0 stack
\f1 \'b2\'a2\'c7\'d2\'bb\'f1\'c8\'a1
\f2 \'93
\f1 \'d0\'e8\'d2\'aa\'bd\'e2\'ce\'f6\'b5\'c4\'b7\'fb\'ba\'c5
\f2 \'94
\f0  
\f1 \'b6\'d4\'d3\'a6\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'a1\'a3\cf2 \'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'a1\'a2\'b7\'fb\'ba\'c5\'b1\'ed\'ba\'cd\'d7\'d6\'b7\'fb\'b4\'ae\'b1\'ed\'b9\'b2\'cd\'ac\'be\'f6\'b6\'a8\'d7\'c5
\f0 PLTn
\f1 \'d2\'fd\'d3\'c3\'b5\'c4\'c4\'c7\'b8\'f6
\f2 \'93
\f1 \'b7\'fb\'ba\'c5
\f2 \'94
\f1 \'b5\'c4\'d0\'c5\'cf\'a2\'ba\'cd
\b \cf3 \'d4\'da\'bd\'f8\'b3\'cc\'c4\'da\'b4\'e6\'d3\'b3\'cf\'f1\'d6\'d0
\b0 \cf2 \'b8\'c3
\f2 \'93
\f1 \'b7\'fb\'ba\'c5
\f2 \'94
\f1 \'b5\'c4\'c4\'da\'b4\'e6\'be\'f8\'b6\'d4\'b5\'d8\'d6\'b7\cf0 \'a1\'a3\'bc\'d9\'c8\'e7\'bf\'c9\'c4\'dc\'b5\'c4\'bb\'b0\'a3\'ac\'b8\'c3\'b7\'fb\'ba\'c5\'d4\'da\'c4\'da\'b4\'e6\'d6\'d0\'b5\'c4\'be\'f8\'b6\'d4\'b5\'d8\'d6\'b7\'bd\'ab\'b1\'bb\'bd\'e2\'ce\'f6\'b3\'f6\'c0\'b4\'a3\'ac\'b2\'a2\'b4\'e6\'b7\'c5\'d4\'da
\f0 PLTn
\f1 \'cb\'f9\'b6\'d4\'d3\'a6\'b5\'c4
\f0 GOT[x + n]
\f1 \'d6\'d0\'a1\'a3\'cf\'c2\'d2\'bb\'b4\'ce\'b8\'c3\'b7\'fb\'ba\'c5\'b1\'bb\'c7\'eb\'c7\'f3\'ca\'b1\'a3\'ac\'d3\'eb\'d6\'ae\'b6\'d4\'d3\'a6\'b5\'c4
\f0 GOT entry
\f1 \'d6\'d0\'d2\'d1\'be\'ad\'b0\'fc\'ba\'ac\'c1\'cb\'b8\'c3\'b7\'fb\'ba\'c5\'b5\'c4\'b5\'d8\'d6\'b7\'c1\'cb\'a1\'a3\'cb\'f9\'d2\'d4\'a3\'ac\'cb\'f9\'d3\'d0\'ba\'f3\'c0\'b4\'b5\'c4\'b5\'f7\'d3\'c3\'bd\'ab\'d6\'b1\'bd\'d3\'cd\'a8\'b9\'fd
\f0 GOT[x + n]
\f1 \'b4\'ab\'b5\'dd\'bf\'d8\'d6\'c6\'c8\'a8\'a1\'a3\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'d6\'bb\'ca\'c7\'d4\'da\'b5\'da\'d2\'bb\'b4\'ce\'d2\'fd\'d3\'c3\'b5\'c4
\f2 \'93
\f1 \'b7\'fb\'ba\'c5
\f2 \'94
\f1 \'c3\'fb\'d7\'d6\'ca\'b1\'bd\'f8\'d0\'d0\'bd\'e2\'ce\'f6\'a3\'bb\'d5\'e2\'d6\'d6\'d2\'fd\'d3\'c3\'b7\'bd\'ca\'bd\'be\'cd\'ca\'c7\'ce\'d2\'c3\'c7\'c9\'cf\'c3\'e6\'cb\'f9\'cb\'b5\'b5\'c4
\f0  lazy MODE
\f1 \'a1\'a3
\f0  (
\f1 \'d7\'a2\'d2\'e2\'a3\'ba
\f0 PLTn
\f1 \'ba\'cd
\f0 GOT[x + n]
\f1 \'d6\'d0\'c1\'bd\'b8\'f6
\f0 n
\f1 \'d6\'b5\'b2\'a2\'b2\'bb\'cf\'e0\'b5\'c8\'a3\'ac\'d2\'f2\'ce\'aa
\f0 GOT[1]
\f1 \'ba\'cd
\f0 GOT[2]
\f1 \'ca\'c7\'ce\'aa\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7
\f0 rtld
\f1 \'b1\'a3\'c1\'f4\'b5\'c4\'a1\'a3
\f0 )\
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'a1\'ef\'a1\'ef
\f0  
\f1 \'b9\'fe\'cf\'a3\'b1\'ed\'ba\'cd\'c1\'b4
\f0 (hash table and chain) \
\

\f1 \'b3\'fd\'c1\'cb\'b7\'fb\'ba\'c5\'b1\'ed\'a3\'a8
\f0 symbol table
\f1 \'a3\'a9\'a3\'ac
\f0 GOT
\f1 \'a3\'a8
\f0 global offset table
\f1 \'a3\'a9\'a3\'ac
\f0 PLT
\f1 \'a3\'a8
\f0 procedure linkage table
\f1 \'a3\'a9\'a3\'ac\'d7\'d6\'b7\'fb\'b4\'ae\'b1\'ed
\f0 (string table),elf objects
\f1 \'bb\'b9\'bf\'c9\'d2\'d4\'b0\'fc\'ba\'ac\'d2\'bb\'b8\'f6
\f0 hash table
\f1 \'ba\'cd
\f0 chain
\f1 \'a3\'a8\'d3\'c3\'c0\'b4\'ca\'b9\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7
\f0  
\f1 \'bd\'e2\'ce\'f6\'b7\'fb\'ba\'c5\'b8\'fc\'bc\'d3\'c8\'dd\'d2\'d7\'b8\'fc\'bc\'d3\'d3\'d0\'d0\'a7\'c2\'ca\'a3\'a9\'a1\'a3
\f0 hash table
\f1 \'ba\'cd
\f0 chain 
\f1 \'cd\'a8\'b3\'a3\'b1\'bb\'d3\'c3\'c0\'b4\'d1\'b8\'cb\'d9\'c5\'d0\'b6\'a8\'d4\'da\'b7\'fb\'ba\'c5\'b1\'ed\'d6\'d0\'c4\'c4\'b8\'f6
\f0 entry
\f1 \'bf\'c9\'c4\'dc\'b7\'fb\'ba\'cf
\f0  
\f1 \'cb\'f9\'c7\'eb\'c7\'f3\'bd\'e2\'ce\'f6\'b5\'c4\'b7\'fb\'ba\'c5\'c3\'fb\'a1\'a3
\f0 hash table(
\f1 \'d7\'dc\'ca\'c7\'b0\'e9\'cb\'e6\'d7\'c5
\f0 chain)
\f1 \'b1\'bb\'d7\'f7\'ce\'aa\'d5\'fb\'d0\'cd\'ca\'fd\'d7\'e9\'b4\'e6\'b7\'c5\'a1\'a3\'d4\'da
\f0 hash
\f1 \'b1\'ed\'d6\'d0\'a3\'ac\'d2\'bb\'b0\'eb\'ce\'bb\'d6\'c3\'ca\'c7\'c1\'f4\'b8\'f8\'c4\'c7\'d0\'a9
\f0 buckets
\f1 \'b5\'c4\'a3\'ac\'c1\'ed\'d2\'bb\'b0\'eb\'ca\'c7\'c1\'f4\'b8\'f8\'d4\'da
\f0 chain
\f1 \'d6\'d0\'b5\'c4\'d4\'aa\'cb\'d8
\f0 (element)
\f1 \'b5\'c4\'a1\'a3
\f0 hash table
\f1 \'d6\'b1\'bd\'d3\'b7\'b4\'d3\'b3\'c1\'cb
\f0 symbol table 
\f1 \'b5\'c4\'d4\'aa\'cb\'d8\'ca\'fd\'c4\'bf\'ba\'cd\'cb\'fb\'c3\'c7\'b5\'c4\'b4\'ce\'d0\'f2\'a1\'a3
\f0  \
\

\f1 \'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'bd\'e1\'b9\'b9\'bf\'c9\'d2\'d4\'b1\'a3\'d6\'a4\'a3\'ba\'cb\'f9\'d3\'d0\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'b5\'c4\'d6\'b4\'d0\'d0
\f0  
\f1 \'be\'f9\'d2\'d4\'cd\'b8\'c3\'f7\'b7\'bd\'ca\'bd\'b7\'c3\'ce\'ca\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7
\f0 (
\f1 \'bc\'b4\'d3\'a6\'d3\'c3\'b3\'cc\'d0\'f2\'b5\'f7\'d3\'c3\'b5\'c4
\f0 printf
\f1 \'b5\'c4\'b5\'d8\'d6\'b7\'a3\'ac\'ca\'b5\'bc\'ca\'c9\'cf\'ca\'c7
\f0 PLT
\f1 \'b1\'ed\'b5\'d8\'d6\'b7\'a3\'ac\'d3\'a6\'d3\'c3\'b3\'cc\'d0\'f2\'b2\'a2\'b2\'bb\'d6\'aa\'b5\'c0
\f0 PLT
\f1 \'b1\'ed\'cf\'ee\'c4\'bf\'bb\'e1\'bc\'cc\'d0\'f8\'b5\'f7\'d3\'c3\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7
\f0 )
\f1 \'a1\'a3\'c8\'bb\'b6\'f8\'a3\'ac\'cf\'d4\'ca\'bd\'c3\'f7\'c8\'b7\'b7\'c3\'ce\'ca\'d2\'b2\'ca\'c7\'bf\'c9\'d2\'d4\'b5\'c4\'a3\'ba\'d3\'a6\'d3\'c3\'b3\'cc\'d0\'f2\'bf\'c9\'d2\'d4\'cd\'a8\'b9\'fd\'d6\'b1\'bd\'d3\'b5\'f7\'d3\'c3
\f0 RTLD
\f1 \'c4\'da\'b2\'bf\'b5\'c4\'d2\'bb\'d0\'a9\'ba\'af\'ca\'fd\'a3\'ac\'c8\'e7\'a3\'ba
\f0 dlopen(),dlsym(),dlclose()
\f1 \'b5\'c8\'c0\'b4\'cd\'ea\'b3\'c9\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'a1\'a3\'d5\'e2\'d0\'a9\'ba\'af\'ca\'fd\'b0\'fc\'ba\'ac\'d4\'da\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'b1\'be\'c9\'ed\'d6\'ae\'d6\'d0\'a3\'ac\'ce\'aa\'c1\'cb\'b7\'c3\'ce\'ca\'d5\'e2\'d0\'a9\'ba\'af\'ca\'fd\'a3\'ac\'c1\'ac\'bd\'d3\'ca\'b1\'d0\'e8\'d2\'aa\'b0\'d1\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'ba\'af\'ca\'fd\'bf\'e2
\f0 (libdl)
\f1 \'c1\'ac\'bd\'d3\'bd\'f8\'c0\'b4\'a1\'a3\'b8\'c3\'bf\'e2\'b0\'fc\'ba\'ac\'c1\'cb\'d2\'bb\'d0\'a9
\f0 stub
\f1 \'ba\'af\'ca\'fd\'d4\'ca\'d0\'ed\'b3\'cc\'d0\'f2\'c1\'ac\'bd\'d3\'ca\'b1\'a3\'ac\'c1\'ac\'bd\'d3\'c6\'f7
\f0 ld
\f1 \'bb\'e1\'b3\'a2\'ca\'d4\'bd\'e2\'ce\'f6\'b6\'d4\'d5\'e2\'d0\'a9\'ba\'af\'ca\'fd
\f0 (dlopen()
\f1 \'b5\'c8
\f0 )
\f1 \'b7\'fb\'ba\'c5\'c3\'fb\'d7\'d6\'b5\'c4\'d2\'fd\'d3\'c3\'a3\'bb\'c8\'bb\'b6\'f8
\f0 stub
\f1 \'ba\'af\'ca\'fd\'c3\'c7\'d6\'bb\'bc\'f2\'b5\'a5\'b5\'c4\'b7\'b5\'bb\'d8
\f0 0
\f1 \'a1\'a3\'d2\'f2\'ce\'aa\'ca\'c2\'ca\'b5\'c9\'cf\'d5\'e2\'d0\'a9\'ba\'af\'ca\'fd
\f0 (dlopen()
\f1 \'b5\'c8
\f0 )
\f1 \'d5\'e6\'d5\'fd\'b5\'c4\'ba\'af\'ca\'fd\'cc\'e5\'b2\'a2\'b2\'bb\'ca\'c7\'d4\'da
\f0 libdl
\f1 \'bf\'e2\'c0\'ef\'a3\'ac\'b6\'f8\'ca\'c7\'b0\'fc\'ba\'ac\'d4\'da\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'d6\'d0\'a3\'ac\'d2\'aa\'cf\'eb\'ca\'b9\'d3\'c3\'b5\'c4\'bb\'b0\'a3\'ac\'be\'cd\'d2\'aa\'bc\'d3\'d4\'d8\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'bd\'f8\'c4\'da\'b4\'e6\'a1\'a3\'bc\'d9\'c8\'e7\'d4\'da\'be\'b2\'cc\'ac\'c1\'ac\'bd\'d3\'b5\'c4
\f0 elf
\f1 \'ce\'c4\'bc\'fe\'d6\'d0\'b5\'f7\'d3\'c3\'d5\'e2\'d0\'a9\'ba\'af\'ca\'fd
\f0 (dlopen()
\f1 \'b5\'c8
\f0 )
\f1 \'a3\'ac\'b9\'b2\'cf\'ed
\f0 object
\f1 \'b5\'c4\'d7\'b0\'d4\'d8\'bd\'ab\'bb\'e1\'ca\'a7\'b0\'dc
\f2 \
\

\f0 (# 
\f1 \'be\'b2\'cc\'ac\'c1\'ac\'bd\'d3\'b5\'c4
\f0 elf
\f1 \'ce\'c4\'bc\'fe
\f0  
\f1 \'ce\'c4\'bc\'fe\'cd\'b7\'c0\'ef\'c3\'bb\'d3\'d0\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'b5\'c4\'cf\'e0\'b9\'d8\'d0\'c5\'cf\'a2\'a3\'ac\'b2\'bb\'bb\'e1\'d4\'da\'d7\'d4\'bc\'ba\'b5\'c4\'bd\'f8\'b3\'cc\'bf\'d5\'bc\'e4\'bc\'d3\'d4\'d8\'ca\'b9\'d3\'c3\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'a3\'ac\'b5\'b1\'c8\'bb\'d2\'b2\'b2\'bb\'c4\'dc\'ca\'b9\'d3\'c3\'c6\'e4\'c4\'da\'b2\'bf\'b0\'fc\'ba\'ac\'b5\'c4\'ba\'af\'ca\'fd
\f0 )
\f1 \'a1\'a3
\f2 \

\f0 (# 
\f1 \'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'a3\'ba\'c1\'ac\'bd\'d3\'c6\'f7
\f0 ld
\f1 \'d4\'da\'c1\'ac\'bd\'d3\'ca\'b1\'b2\'bb\'c4\'dc\'cd\'ea\'c8\'ab\'be\'f6\'b6\'a8\'cb\'f9\'d3\'d0\'b7\'fb\'ba\'c5\'b5\'c4\'b5\'d8\'d6\'b7\'a3\'ac\'d4\'da\'b3\'cc\'d0\'f2\'d4\'cb\'d0\'d0\'c6\'da\'bc\'e4\'ca\'b9\'d3\'c3\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7
\f0 rtld
\f1 \'b6\'d4\'b1\'bb\'b5\'f7\'d3\'c3\'ba\'af\'ca\'fd\'b7\'fb\'ba\'c5\'c3\'fb\'d7\'d6\'bd\'f8\'d0\'d0\'b6\'af\'cc\'ac\'bd\'e2\'ce\'f6\'a3\'bb\'be\'b2\'cc\'ac\'c1\'ac\'bd\'d3\'a3\'ba\'c1\'ac\'bd\'d3\'c6\'f7
\f0 ld
\f1 \'d4\'da\'c1\'ac\'bd\'d3\'ca\'b1\'cd\'ea\'c8\'ab\'d6\'aa\'b5\'c0\'b2\'a2\'be\'f6\'b6\'a8\'cb\'f9\'d3\'d0\'b7\'fb\'ba\'c5\'b5\'c4\'b5\'d8\'d6\'b7
\f0 )
\f2 \
\

\f1 \'d6\'b4\'d0\'d0\'c6\'da\'bc\'e4\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'b1\'d8\'d0\'eb\'d6\'aa\'b5\'c0\'b5\'c4\'ca\'c7\'a3\'ba
\f2 \

\f0 hash table,
\f2 \

\f0 hash table
\f1 \'d4\'aa\'cb\'d8\'b5\'c4\'ca\'fd\'c4\'bf
\f0 ,\
chain,
\f2 \

\f0 dynamic string table,\
dynamic symbol table
\f2 \
\

\f1 \'c2\'fa\'d7\'e3\'c1\'cb\'d5\'e2\'d0\'a9\'cc\'f5\'bc\'fe\'a3\'ac\'cf\'c2\'c3\'e6\'cb\'e3\'b7\'a8\'ca\'ca\'d3\'c3\'c8\'ce\'ba\'ce
\f0 symbol
\f1 \'b5\'c4\'b5\'d8\'d6\'b7\'bc\'c6\'cb\'e3\'a3\'ba
\f2 \

\f0 1. hn = elf_hash(sym_name) % nbuckets                     # sym_name 
\f1 \'c7\'eb\'c7\'f3\'bd\'e2\'ce\'f6\'b5\'c4\'b7\'fb\'ba\'c5\'c3\'fb
\f2 \

\f0 2. for (ndx = hash[ hn ]; ndx; ndx = chain[ ndx ]) \{      # for
\f1 \'d1\'ad\'bb\'b7\'b1\'e9\'c0\'fa
\f0 sym_tab
\f1 \'b5\'c4\'c3\'bf
\f0 1
\f1 \'b8\'f6\'b1\'ed\'cf\'ee\'a3\'ac
\f0 hash: 
\f1 \'ce\'aa
\f0 hash table
\f2 \

\f0 3.     symbol = sym_tab + ndx                             # sym_tab 
\f1 \'ce\'aa\'b6\'af\'cc\'ac\'b7\'fb\'ba\'c5\'b1\'ed\'a3\'ac\'b2\'ce\'bc\'fb\'ba\'f3\'c3\'e6\'b9\'d8\'d3\'da
\f0 sh_link
\f1 \'b5\'c4\'cb\'b5\'c3\'f7
\f2 \

\f0 4.     if (strcmp(sym_name, str_tab + symbol->st_name) == 0) \
5.           return (load_addr + symbol->st_value); \}     # 
\f1 \'b7\'b5\'bb\'d8\'b7\'fb\'ba\'c5\'d5\'e6\'d5\'fd\'b5\'c4\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7\'a3\'ba\'c4\'da\'b4\'e6\'bb\'f9\'b5\'d8\'d6\'b7
\f0 +
\f1 \'b7\'fb\'ba\'c5\'c6\'ab\'d2\'c6
\f2 \
\

\f0 (# 4. str_tab
\f1 \'a3\'ba\'b6\'af\'cc\'ac\'d7\'d6\'b7\'fb\'b4\'ae\'b1\'ed\'a3\'bb
\f0 str_tab + symbol->st_name:
\f1 \'b1\'ed\'ca\'be
\f0  
\f1 \'d2\'d4
\f0 symbol
\f1 \'b5\'c4
\f0 st_name
\f1 \'ce\'aa\'cb\'f7\'d2\'fd\'b5\'bd\'b6\'af\'cc\'ac\'d7\'d6\'b7\'fb\'b4\'ae\'b1\'ed
\f0 str_tab
\f1 \'d6\'d0\'b2\'e9\'d5\'d2\'b5\'c3\'b5\'bd
\f0 symbol(
\f1 \'b7\'fb\'ba\'c5
\f0 )
\f1 \'b6\'d4\'d3\'a6\'b5\'c4
\f2 \'94
\f1 \'d7\'d6\'b7\'fb\'b4\'ae\'c3\'fb\'d7\'d6
\f2 \'94
\f0 )
\f2 \

\f0 (# 5. load_addr
\f1 \'ca\'c7\'ce\'c4\'bc\'fe\'bc\'d3\'d4\'d8\'bd\'f8\'c4\'da\'b4\'e6\'b5\'c4\'bb\'f9\'b5\'d8\'d6\'b7\'a1\'a3
\f0 .exe
\f1 \'ce\'c4\'bc\'fe\'c0\'ef\'a3\'ac
\f0 printf
\f1 \'b5\'c4
\f0 symbol->st_value = 0804833c
\f1 \'a3\'ac
\f0  
\f1 \'ca\'b5\'bc\'ca\'c9\'cf\'ca\'c7
\f0 printf
\f1 \'b6\'d4\'d3\'a6\'b5\'c4
\f0 PLT
\f1 \'b1\'ed\'cf\'ee\'b5\'c4\'b5\'d8\'d6\'b7\'a1\'a3
\f0 .exe
\f1 \'ce\'c4\'bc\'fe\'c3\'bf\'b4\'ce\'bc\'d3\'d4\'d8\'bd\'f8\'c4\'da\'b4\'e6\'b5\'c4\'b5\'d8\'d6\'b7\'ca\'c7\'b9\'cc\'b6\'a8\'b2\'bb\'b1\'e4\'b5\'c4\'a3\'ac\'ba\'dc\'b6\'e0\'b7\'fb\'ba\'c5\'b5\'c4\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7
\f0  
\f1 \'d4\'da\'c1\'ac\'bd\'d3\'ca\'b1\'ba\'f2\'be\'cd\'bf\'c9\'d2\'d4\'c8\'b7\'b6\'a8\'c1\'cb\'a3\'ac\'cb\'f9\'d2\'d4\'b6\'d4\'d3\'da
\f0 .exe
\f1 \'ce\'c4\'bc\'fe\'a3\'ac
\f0 load_addr
\f1 \'ca\'c7\'b2\'bb\'d0\'e8\'d2\'aa\'b5\'c4\'a3\'ac\'c6\'e4\'d6\'b5
\f0 =0
\f1 \'a3\'bb
\f0 .so
\f1 \'ce\'c4\'bc\'fe\'c0\'ef\'a3\'ac
\f0 printf
\f1 \'b5\'c4
\f0 symbol->st_value = 0,
\f1 \'d0\'e8\'d2\'aa\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'bd\'f8\'d0\'d0\'d6\'d8\'b6\'a8\'ce\'bb\'bc\'c6\'cb\'e3\'a1\'a3
\f0 .so
\f1 \'ce\'c4\'bc\'fe\'c3\'bf\'b4\'ce\'bc\'d3\'d4\'d8\'bd\'f8\'c4\'da\'b4\'e6\'b5\'c4\'b5\'d8\'d6\'b7\'ca\'c7\'b2\'bb\'b9\'cc\'b6\'a8\'b5\'c4\'a3\'ac\'d2\'f2\'b4\'cb\'d0\'e8\'d2\'aa
\f0 Load_addr
\f1 \'bc\'cd\'c2\'bc\'c6\'e4\'c4\'da\'b4\'e6\'bc\'d3\'d4\'d8\'bb\'f9\'b5\'d8\'d6\'b7\'a1\'a3\'d3\'a6\'b8\'c3\'d2\'d4
\f0 .so
\f1 \'ce\'c4\'bc\'fe\'bd\'f8\'d0\'d0\'d1\'dd\'ca\'be\'b8\'fc\'c8\'dd\'d2\'d7\'cb\'b5\'c3\'f7\'ce\'ca\'cc\'e2\'a1\'a3
\f0 )
\f2 \
\

\f1 \'b5\'da
\f0 1
\f1 \'d0\'d0\'a3\'ba
\f0 hash
\f1 \'ba\'c5
\f0 hn 
\f1 \'ca\'c7
\f0 elf_hash()
\f1 \'b5\'c4\'b7\'b5\'bb\'d8\'d6\'b5\'a3\'ac\'d4\'da
\f0 elf
\f1 \'b9\'e6\'b7\'b6\'b5\'c4\'b5\'da
\f0 4
\f1 \'b2\'bf\'b7\'d6\'d3\'d0\'b6\'a8\'d2\'e5\'a3\'ac\'d2\'d4
\f0 hash table
\f1 \'d6\'d0\'d4\'aa\'cb\'d8\'b8\'f6\'ca\'fd\'c8\'a1\'c4\'a3\'a1\'a3
\f2 \

\f1 \'b5\'da
\f0 2
\f1 \'d0\'d0\'a3\'ba
\f0 hn
\f1 \'b1\'bb\'d3\'c3\'c0\'b4\'d7\'f6
\f0 hash table
\f1 \'b5\'c4\'cf\'c2\'b1\'ea\'cb\'f7\'d2\'fd\'a3\'ac\'c7\'f3\'b5\'c3
\f0 hash
\f1 \'d6\'b5\'a3\'ac\'d5\'d2\'b3\'f6\'d3\'eb\'d6\'ae\'c6\'a5\'c5\'e4\'b5\'c4\'b7\'fb\'ba\'c5\'c3\'fb\'b5\'c4
\f0 chain
\f1 \'b5\'c4\'cb\'f7\'d2\'fd
\f0 :ndx
\f1 \'a1\'a3
\f2 \

\f1 \'b5\'da
\f0 3
\f1 \'d0\'d0\'a3\'ba\'d2\'d4
\f0 ndx
\f1 \'ce\'aa\'cb\'f7\'d2\'fd\'a3\'ac\'b5\'bd\'b6\'af\'cc\'ac\'b7\'fb\'ba\'c5\'b1\'ed
\f0 sym_tab
\f1 \'d6\'d0\'bb\'f1\'b5\'c3\'b7\'fb\'ba\'c5
\f0 :symbol
\f1 \'a1\'a3
\f2 \

\f1 \'b5\'da
\f0 4
\f1 \'d0\'d0\'a3\'ba\'b1\'c8\'bd\'cf
\f0  
\f1 \'bb\'f1\'b5\'c3\'b5\'c4
\f2 \'94
\f1 \'d7\'d6\'b7\'fb\'b4\'ae\'c3\'fb\'d7\'d6
\f2 \'94
\f0 (str_tab + symbol->st_name) 
\f1 \'ba\'cd
\f0  
\f1 \'c7\'eb\'c7\'f3\'bd\'e2\'ce\'f6\'b5\'c4\'b7\'fb\'ba\'c5\'c3\'fb
\f0 (sym_name) 
\f1 \'ca\'c7\'b7\'f1\'cf\'e0\'cd\'ac\'a1\'a3
\f2 \

\f1 \'ca\'b9\'d3\'c3\'d5\'e2\'b8\'f6\'cb\'e3\'b7\'a8\'a3\'ac\'be\'cd\'bf\'c9\'d2\'d4\'bc\'f2\'b5\'a5\'bd\'e2\'ce\'f6\'c8\'ce\'ba\'ce\'b7\'fb\'ba\'c5\'c1\'cb\'a1\'a3
\f0  \
\
\

\f1 \'a1\'ef\'a1\'ef
\f0  
\f1 \'d1\'dd\'ca\'be
\f0  
\f2 \

\f0 /* test.c */\
#include <stdio.h> \
int main(int argc, char *argv[]) \
\{ \
\pard\pardeftab720\fi720\ri0\partightenfactor0
\cf0 printf("Hello, world\\n"); \
return 0; \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \}\
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0  \
[alert7@redhat]$ gcc -o test test.c \
[alert7@redhat]$ ./test \
Hello, world \
[alert7@redhat]$ readelf -a ./test\
...\
...\
Relocation section '.rel.got' at offset 0x270 contains 1 entries:\
  Offset    Info  Type            Symbol's Value  Symbol's Name\
  0804948c  00706 R_386_GLOB_DAT        00000000  __gmon_start__           \
\
Relocation section '.rel.plt' at offset 0x278 contains 4 entries: \
\pard\pardeftab720\fi200\ri0\partightenfactor0
\cf0 Offset   Info  Type             Symbol's Value  Symbol's Name \
0804947c 00107 R_386_JUMP_SLOT  080482d8        __register_frame_info \
08049480 00207 R_386_JUMP_SLOT  080482e8        __deregister_frame_info \
08049484 00307 R_386_JUMP_SLOT  080482f8        __libc_start_main \
08049488 00407 R_386_JUMP_SLOT  08048308        printf \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 (
\f1 \'d6\'bb\'d3\'d0
\f0 R_386_JMP_SLOT
\f1 \'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'c0\'e0\'d0\'cd\'b2\'c5\'bb\'e1\'b3\'f6\'cf\'d6\'d4\'da
\f0 GOT
\f1 \'d6\'d0\'a1\'a3
\f0 )\
...\
...\
Symbol table '.dynsym' contains 7 entries:   # .dynsym section
\f1 \'b1\'a3\'b4\'e6\'d7\'c5\'b6\'af\'cc\'ac\'b7\'fb\'ba\'c5\'b1\'ed
\f2 \

\f0 Num: Value  Size Type    Bind   Ot  Ndx  Name \
0: 0        0    NOTYPE  LOCAL  0   UND \
1: 80482d8  116  FUNC    WEAK   0   UND  __register_frame_info@GLIBC_2.0 (2) \
2: 80482e8  162  FUNC    WEAK   0   UND  __deregister_frame_info@GLIBC_2.0 (2) \
3: 80482f8  261  FUNC    GLOBAL 0   UND  __libc_start_main@GLIBC_2.0 (2) \
4: 8048308  41   FUNC    GLOBAL 0   UND  printf@GLIBC_2.0 (2) \
5: 804843c  4    OBJECT  GLOBAL 0   14   _IO_stdin_used \
6: 0        0    NOTYPE  WEAK   0   UND  __gmon_start__ \
\
\
[alert7@redhat]$ objdump -x test \
... \
Dynamic Section:   # .dynamic section\
NEEDED libc.so.6 \
INIT 0x8048298 \
FINI 0x804841c \
HASH 0x8048128 \
STRTAB 0x80481c8 \
\pard\pardeftab720\ri0\partightenfactor0
\cf3 SYMTAB 0x8048158\cf0    # 
\f1 \'d6\'b8\'cf\'f2
\f0  .dynsym section\
STRSZ 0x70 \
SYMENT 0x10 \
DEBUG 0x0 \
PLTGOT 0x8049470 \
PLTRELSZ 0x20 \
PLTREL 0x11 \
\cf3 JMPREL 0x8048278\cf0    # 
\f1 \'d6\'b8\'cf\'f2
\f0  .rel.plt section\
REL 0x8048270 \
RELSZ 0x8 \
RELENT 0x8 \
VERNEED 0x8048250 \
VERNEEDNUM 0x1 \
VERSYM 0x8048242 \
... \
7 .rel.got 00000008 08048270 08048270 00000270 2**2 \
CONTENTS, ALLOC, LOAD, READONLY, DATA \
8 .rel.plt 00000020 08048278 08048278 00000278 2**2 \
CONTENTS, ALLOC, LOAD, READONLY, DATA \
9 .init 0000002f 08048298 08048298 00000298 2**2 \
CONTENTS, ALLOC, LOAD, READONLY, CODE \
\cf3 10 .plt\cf0  00000050 \cf3 080482c8\cf0  080482c8 000002c8 2**2 \
CONTENTS, ALLOC, LOAD, READONLY, CODE \
11 .text 000000fc 08048320 08048320 00000320 2**4 \
CONTENTS, ALLOC, LOAD, READONLY, CODE \
12 .fini 0000001a 0804841c 0804841c 0000041c 2**2 \
CONTENTS, ALLOC, LOAD, READONLY, CODE \
13 .rodata 00000016 08048438 08048438 00000438 2**2 \
CONTENTS, ALLOC, LOAD, READONLY, DATA \
14 .data 0000000c 08049450 08049450 00000450 2**2 \
CONTENTS, ALLOC, LOAD, DATA \
15 .eh_frame 00000004 0804945c 0804945c 0000045c 2**2 \
CONTENTS, ALLOC, LOAD, DATA \
16 .ctors 00000008 08049460 08049460 00000460 2**2 \
CONTENTS, ALLOC, LOAD, DATA \
17 .dtors 00000008 08049468 08049468 00000468 2**2 \
CONTENTS, ALLOC, LOAD, DATA \
\cf3 18 .got\cf0  00000020 \cf3 08049470\cf0  08049470 00000470 2**2 \
CONTENTS, ALLOC, LOAD, DATA \
\cf3 19 .dynamic\cf0  000000a0 \cf3 08049490\cf0  08049490 00000490 2**2 \
CONTENTS, ALLOC, LOAD, DATA \
... \
[alert7@redhat]$ gdb -q test \
(gdb) disass main \
Dump of assembler code for function main: \
0x80483d0 <main>: push %ebp \
0x80483d1 <main+1>: mov %esp,%ebp \
0x80483d3 <main+3>: push $0x8048440 \
\cf3 0x80483d8\cf0  <main+8>: call \cf3 0x8048308\cf0  <printf>     # printf
\f1 \'bf\'e2\'ba\'af\'ca\'fd\'ca\'c7\'c8\'ab\'be\'d6\'ba\'af\'ca\'fd\'a3\'ac\'d2\'f2\'b4\'cb\'b7\'fb\'ba\'c5\'b1\'ed\'c0\'ef\'cf\'d4\'ca\'be\'c6\'e4\'ca\'f4\'d0\'d4\'ce\'aa
\f0 global
\f1 \'a1\'a3\'b6\'d4\'d3\'a6\'b5\'c4
\f0 plt
\f1 \'b1\'ed\'cf\'ee\'ce\'aa
\f0 PLT[4]
\f1 \'a3\'ac
\f0 0x8048308
\f1 \'ca\'c7
\f0 PLT[4]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7\'a3\'ac\'b6\'f8\'b2\'bb\'ca\'c7
\f0 printf
\f1 \'b5\'c4\'d5\'e6\'ca\'b5\'b5\'d8\'d6\'b7\'a1\'a3
\f0 PLT[4]
\f1 \'d6\'d0\'b5\'c4\'b4\'fa\'c2\'eb\'d3\'c3\'c0\'b4\'d6\'d8\'b6\'a8\'ce\'bb
\f0 printf
\f1 \'b5\'c4\'d5\'e6\'ca\'b5\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7\'b2\'a2\'b0\'d1\'bf\'d8\'d6\'c6\'c8\'a8\'d7\'aa\'b8\'f8
\f0 printf
\f2 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 0x80483dd <main+13>: add $0x4,%esp \
0x80483e0 <main+16>: xor %eax,%eax \
0x80483e2 <main+18>: jmp 0x80483e4 <main+20> \
0x80483e4 <main+20>: leave \
0x80483e5 <main+21>: ret \
(gdb) b * 0x80483d8 \
Breakpoint 1 at 0x80483d8 \
(gdb) r \
Starting program: /home/alert7/test \
Breakpoint 1, 0x80483d8 in main () \
(gdb) disass 0x8048308     
\f1\b \cf3 \'a2\'d9
\f0\b0 \cf0  
\f1\b \'a2\'c5
\f0\b0             // 0x8048308
\f1 \'ca\'c7
\f0 printf
\f1 \'b6\'d4\'d3\'a6\'b5\'c4
\f0 PLT[4]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f0  \
\pard\pardeftab720\fi4400\ri0\partightenfactor0
\cf0 //
\f1 \'c1\'ac\'bd\'d3\'c6\'f7\'bd\'ab\'b8\'c3\'b5\'d8\'d6\'b7\'b1\'a3\'b4\'e6\'d4\'da
\f0 printf
\f1 \'b6\'d4\'d3\'a6\'b5\'c4
\f0 .rel.plt
\f1 \'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'c0\'ef\'c3\'e6
\f2 \
\pard\pardeftab720\li4600\fi-4600\ri0\partightenfactor0

\f0 \cf0 0x8048308 <printf>: jmp *\cf3 0x8049488
\f2 \cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf3 0x804830e\cf0  <printf+6>: push $0x18
\f2 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 0x8048313 <printf+11>: jmp 0x80482c8 <_init+48>
\f2 \
\pard\pardeftab720\fi5200\ri0\partightenfactor0
\cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 (gdb) x \cf3 0x8049488\cf0               // 0x8049488
\f1 \'ca\'c7
\f0 GOT[6]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7\'a3\'ac\'d4\'da
\f0 GOT
\f1 \'b1\'ed\'d6\'d0
\f0 printf
\f1 \'b7\'fb\'ba\'c5\'b6\'d4\'d3\'a6
\f0 GOT[6]\
0x8049488 <_GLOBAL_OFFSET_TABLE_+24>: \cf3 0x0804830e\cf0    //
\f1 \'b4\'cb\'ca\'b1\'a3\'ac
\f0 GOT[6]
\f1 \'d6\'d0\'b4\'e6\'b7\'c5\'b5\'c4\'d6\'b5\'ca\'c7
\f0 0x804830e\
                                                   //
\f1 \'ca\'c7
\f0 PLT[4]
\f1 \'d6\'d0\'b5\'c4
\f0 push $0x18
\f1 \'d6\'b8\'c1\'ee\'b5\'c4\'b5\'d8\'d6\'b7
\f2 \
\

\f0 (gdb) disass 0x80482c8     
\f1\b \cf3 \'a2\'da
\f0\b0 \cf0                  //
\f1 \'b2\'e9\'bf\'b4
\f0 PLT
\f1 \'b1\'ed\'b5\'c4\'c4\'da\'c8\'dd\'a3\'ac
\f0 0x80482c8
\f1 \'ca\'c7
\f0 .plt section
\f1 \'b5\'c4\'bf\'aa\'ca\'bc\'b5\'d8\'d6\'b7
\f2 \

\f0 PLT
\f1 \'b1\'ed\'b5\'c4
\f0 PLT[0]
\f1 \'b1\'ed\'cf\'ee
\f0 :
\f2 \cf3 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf3 80482c8\cf0 : ff 35 74 94 04 08 pushl 0x8049474    // pushl GOT[1] //0x8049474
\f1 \'ca\'c7
\f0 GOT[1]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 80482ce: ff 25 78 94 04 08 jmp *0x8049478     // jmp GOT[2]  //0x8049478
\f1 \'ca\'c7
\f0 GOT[2]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \

\f0 80482d4: 00 00 add %al,(%eax) \
80482d6: 00 00 add %al,(%eax) \
PLT
\f1 \'b1\'ed\'b5\'c4
\f0 PLT[1]
\f1 \'b1\'ed\'cf\'ee
\f0 :
\f2 \

\f0 80482d8: ff 25 7c 94 04 08 jmp *0x804947c         // jmp GOT[3] //0x804947c
\f1 \'ca\'c7
\f0 GOT[3]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \

\f0 80482de: 68 00 00 00 00 push $0x0 \
80482e3: e9 e0 ff ff ff jmp 80482c8 <_init+0x30>  // 0x80482c8
\f1 \'ca\'c7
\f0 PLT[0] 
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \

\f0 PLT
\f1 \'b1\'ed\'b5\'c4
\f0 PLT[2]
\f1 \'b1\'ed\'cf\'ee
\f0 :
\f2 \

\f0 80482e8: ff 25 80 94 04 08 jmp *0x8049480         // jmp GOT[4] //0x8049480
\f1 \'ca\'c7
\f0 GOT[4]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \

\f0 80482ee: 68 08 00 00 00 push $0x8 \
80482f3: e9 d0 ff ff ff jmp 80482c8 <_init+0x30>  // 0x80482c8
\f1 \'ca\'c7
\f0 PLT[0] 
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \

\f0 PLT
\f1 \'b1\'ed\'b5\'c4
\f0 PLT[3]
\f1 \'b1\'ed\'cf\'ee
\f0 :
\f2 \

\f0 80482f8: ff 25 84 94 04 08 jmp *0x8049484         // jmp GOT[5] //0x8049484
\f1 \'ca\'c7
\f0 GOT[5]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \

\f0 80482fe: 68 10 00 00 00 push $0x10 \
8048303: e9 c0 ff ff ff jmp 80482c8 <_init+0x30>  // 0x80482c8
\f1 \'ca\'c7
\f0 PLT[0] 
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \

\f0 PLT
\f1 \'b1\'ed\'b5\'c4
\f0 PLT[4]
\f1 \'b1\'ed\'cf\'ee
\f0 :
\f2 \

\f0 8048308: ff 25 88 94 04 08 jmp *\cf3 0x8049488\cf0          // jmp GOT[6] //\cf3 0x8049488
\f1 \cf0 \'ca\'c7
\f0 GOT[6]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \

\f0 804830e: 68 18 00 00 00 push $0x18                // $0x18 
\f1 \'ce\'aa
\f0 printf
\f1 \'b7\'fb\'ba\'c5\'d4\'da
\f0 .rel.plt
\f1 \'d6\'d0\'a3\'ac\'b6\'d4\'d3\'a6\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'b5\'c4\'c6\'ab\'d2\'c6\'c1\'bf
\f2 \

\f0 8048313: e9 b0 ff ff ff jmp 80482c8 <_init+0x30>  // 0x80482c8
\f1 \'ca\'c7
\f0 PLT[0] 
\f1 \'b5\'c4\'b5\'d8\'d6\'b7
\f2 \
\

\f0 (gdb) b * 0x80482c8         //
\f1 \'d4\'da\'bc\'b4\'bd\'ab\'cc\'f8\'b5\'bd
\f0 PLT[0]
\f1 \'d6\'ae\'c7\'b0\'c9\'e8\'d6\'c3\'b6\'cf\'b5\'e3\'a3\'bb
\f2 \

\f0 Breakpoint 2 at 0x80482c8 \
(gdb) c \
Continuing. \
Breakpoint 2, 0x80482c8 in _init ()\
(gdb) x/8x 0x8049470        //
\f1 \'b2\'e9\'bf\'b4
\f0 GOT
\f1 \'b1\'ed\'c7\'b0
\f0 2
\f1 \'cf\'ee\'b5\'c4\'c4\'da\'c8\'dd\'a3\'ac
\f0 0x8049470
\f1 \'ca\'c7
\f0 .got section
\f1 \'b5\'c4\'bf\'aa\'ca\'bc\'b5\'d8\'d6\'b7
\f2 \

\f0 0x8049470 <_GLOBAL_OFFSET_TABLE_>: 0x08049490 \cf3 0x40013ed0\cf0  \cf3 0x4000a960\cf0  0x400fa550 \
0x8049480 <_GLOBAL_OFFSET_TABLE_+16>: 0x080482ee 0x400328cc \cf3 0x0804830e\cf0  0x00000000 \
\
\pard\pardeftab720\ri0\partightenfactor0
\cf2 GOT
\f1 \'b1\'ed\'ca\'c7\'d2\'bb\'b8\'f6\'bc\'f2\'b5\'a5\'ca\'fd\'d7\'e9\'a3\'ac\'b4\'e6\'b7\'c5\'b8\'f7\'d6\'d6\'b5\'c4\'be\'f8\'b6\'d4\'b5\'d8\'d6\'b7\'a1\'a3
\f2 \

\f0 GOT[0]= 0x08049490,
\f1 \'ca\'c7\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'ca\'fd\'d7\'e9
\f0 _dynamic[]
\f1 \'b5\'d8\'d6\'b7
\f0 (
\f1 \'bc\'b4
\f0  .dynamic section
\f1 \'b5\'c4\'c6\'f0\'ca\'bc\'b5\'d8\'d6\'b7
\f0 )
\f1 \'a3\'bb
\f2 \

\f0 GOT[1]= 0x40013ed0 
\f1 \'b4\'cb\'b4\'a6\'ca\'c7\'d2\'bb\'b8\'f6\'bc\'f8\'b1\'f0\'d0\'c5\'cf\'a2
\f0 \'93
\f1 \'d7\'d6
\f0 \'94
\f1 \'a3\'bb\'ca\'c7\'d2\'bb\'b8\'f6
\f0 link_map
\f1 \'c0\'e0\'d0\'cd\'b5\'c4\'d6\'b8\'d5\'eb\'a3\'bb
\f2 \

\f0 GOT[2]= 0x4000a960
\f1 \'ca\'c7\'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'b5\'c4\'bd\'e2\'ce\'f6\'ba\'af\'ca\'fd
\f0 \cf0 <_dl_runtime_resolve>
\f1 \cf2 \'b5\'c4\'c8\'eb\'bf\'da\'b5\'d8\'d6\'b7\'a1\'a3
\f2 \

\f1 \'ce\'d2\'c3\'c7\'bf\'c9\'d2\'d4\'bf\'b4\'b5\'bd\'a3\'ba\'d4\'da\'b5\'da
\f0 1
\f1 \'b4\'ce\'b5\'f7\'d3\'c3
\f0 printf
\f1 \'d6\'ae\'c7\'b0\'a3\'ac
\f0 printf
\f1 \'b7\'fb\'ba\'c5\'b6\'d4\'d3\'a6\'b5\'c4
\f0 GOT[6] = 0x0804830e
\f1 \'a3\'ac\'ca\'c7
\f0 PLT[4]
\f1 \'d6\'d0
\f0 : push $0x18
\f1 \'d6\'b8\'c1\'ee\'b5\'c4\'b5\'d8\'d6\'b7\'a1\'a3
\f2 \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 (gdb) x/50x 0x40013ed0     //
\f1 \'bc\'cc\'d0\'f8\'b2\'ec\'bf\'b4
\f0 GOT[1]
\f1 \'b5\'c4\'cf\'ea\'cf\'b8\'c4\'da\'c8\'dd
\f0  \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \ul \ulc0 0x40013ed0: 0x00000000 0x40010c27 \cf3 \ulc3 0x08049490\cf0 \ulc0  0x400143e0 \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \ulnone 0x40013ee0: 0x00000000 0x40014100 0x00000000 0x08049490 \
0x40013ef0: 0x080494e0 0x080494d8 0x080494a8 0x080494b0 \
0x40013f00: 0x080494b8 0x00000000 0x00000000 0x00000000 \
0x40013f10: 0x080494c0 0x080494c8 0x08049498 0x080494a0 \
0x40013f20: 0x00000000 0x00000000 0x00000000 0x080494f8 \
0x40013f30: 0x08049500 0x08049508 0x080494e8 0x080494d0 \
0x40013f40: 0x00000000 0x080494f0 0x00000000 0x00000000 \
0x40013f50: 0x00000000 0x00000000 0x00000000 0x00000000 \
0x40013f60: 0x00000000 0x00000000 0x00000000 0x00000000 \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 GOT[1]
\f1 \'ca\'c7\'d2\'bb\'b8\'f6\'bc\'f8\'b1\'f0\'d0\'c5\'cf\'a2\'a3\'ac\'ca\'c7
\f0 link_map
\f1 \'c0\'e0\'d0\'cd\'b5\'c4\'d2\'bb\'b8\'f6\'d6\'b8\'d5\'eb\'a3\'bb
\f2 \

\f0 /usr/include/link.h  link_map
\f1 \'b6\'a8\'d2\'e5\'c8\'e7\'cf\'c2\'a3\'ba
\f2 \

\f0 struct link_map\
  \{\
    /* These first few members are part of the protocol with the debugger.\
       This is the same format used in SVR4.  */\
\
    ElfW(Addr) l_addr;          /* Base address shared object is loaded at.  */\
    char *l_name;               /* Absolute file name object was found in.  */\
    ElfW(Dyn) *l_ld;            /* Dynamic section of the shared object.  */\
    struct link_map *l_next, *l_prev; /* Chain of loaded objects.  */\
  \};\
\

\f1 \'ce\'d2\'c3\'c7\'bf\'c9\'d2\'d4\'bf\'b4\'b5\'bd\'a3\'ba
\f0 l_ld = 0x08049490 
\f1 \'bc\'b4
\f0  .dynamic section 
\f1 \'b5\'c4\'ca\'d7\'b5\'d8\'d6\'b7
\f2 \
\
\

\f0 (gdb) disass 0x4000a960    
\f1\b \cf3 \'a2\'db
\f0\b0 \cf0    //
\f1 \'bc\'cc\'d0\'f8\'b2\'ec\'bf\'b4
\f0 GOT[2]
\f1 \'b5\'c4\'cf\'ea\'cf\'b8\'c4\'da\'c8\'dd
\f2 \

\f0 Dump of assembler code for function _dl_runtime_resolve: \
0x4000a960 <_dl_runtime_resolve>: push %eax \
0x4000a961 <_dl_runtime_resolve+1>: push %ecx \
0x4000a962 <_dl_runtime_resolve+2>: push %edx \
0x4000a963 <_dl_runtime_resolve+3>: mov 0x10(%esp,1),%edx     //
\f1 \'b2\'ce\'ca\'fd
\f0 1
\f1 \'a3\'ba
\f0 0x10(%esp,1)
\f1 \'be\'cd\'ca\'c7\'d4\'da
\f0 PLT[4]
\f1 \'b4\'a6
\f0 push
\f1 \'b5\'c4
\f0 0x18
\f2 \

\f0 0x4000a967 <_dl_runtime_resolve+7>: mov 0xc(%esp,1),%eax      //
\f1 \'b2\'ce\'ca\'fd
\f0 2
\f1 \'a3\'ba
\f0 0xc(%esp,1)
\f1 \'be\'cd\'ca\'c7\'d4\'da
\f0 PLT[0]
\f1 \'b4\'a6
\f0 pushl
\f1 \'b5\'c4
\f0 GOT[1]
\f2 \

\f0 0x4000a96b <_dl_runtime_resolve+11>: call 0x4000a740 <fixup>  //
\f1 \'b5\'f7\'d3\'c3\'d5\'e6\'d5\'fd\'b5\'c4\'b7\'fb\'ba\'c5\'bd\'e2\'ce\'f6\'ba\'af\'ca\'fd
\f0 fixup()
\f1 \'a3\'ac\'bd\'e2\'ce\'f6\'b3\'f6
\f0 printf
\f2 \
\pard\pardeftab720\fi6200\ri0\partightenfactor0

\f0 \cf0 //
\f1 \'b5\'c4\'d5\'e6\'ca\'b5\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7\'a3\'ac\'c8\'bb\'ba\'f3\'b1\'a3\'b4\'e6\'d4\'da
\f0 GOT[6]
\f1 \'c0\'ef\'c3\'e6
\f0  \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 0x4000a970 <_dl_runtime_resolve+16>: pop %edx \
0x4000a971 <_dl_runtime_resolve+17>: pop %ecx \
\pard\pardeftab720\ri0\partightenfactor0
\cf3 0x4000a972\cf0  <_dl_runtime_resolve+18>: xchg %eax,(%esp,1) \
\cf3 0x4000a975\cf0  <_dl_runtime_resolve+21>: ret $0x8         //
\f1 \'cc\'f8\'b5\'bd
\f0 printf
\f1 \'ba\'af\'ca\'fd\'d5\'e6\'ca\'b5\'b5\'d8\'d6\'b7\'b4\'a6\'d6\'b4\'d0\'d0
\f0  \
0x4000a978 <_dl_runtime_resolve+24>: nop \
0x4000a979 <_dl_runtime_resolve+25>: lea 0x0(%esi,1),%esi \
End of assembler dump. \
(gdb) x 0x8049488            //
\f1 \'d4\'da
\f0 call 0x4000a740 <fixup>
\f1 \'d6\'b4\'d0\'d0\'d6\'ae\'c7\'b0\'a3\'ac\'ce\'d2\'c3\'c7\'bf\'b4\'b5\'bd
\f0 GOT[6]
\f1 \'d6\'d0\'b5\'c4\'d6\'b5\'bb\'b9\'c3\'bb\'d3\'d0\'b1\'bb\'b8\'c4\'b1\'e4
\f2 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 0x8049488 <_GLOBAL_OFFSET_TABLE_+24>: 0x0804830e\
(gdb) i reg $eax $esp\
(gdb) b * 0x4000a972         //
\f1 \'d4\'da
\f0 call 0x4000a740 <fixup> 
\f1 \'d6\'b4\'d0\'d0\'cd\'ea\'b1\'cf\'d6\'ae\'ba\'f3\'c9\'e8\'d6\'c3\'b6\'cf\'b5\'e3
\f2 \

\f0 Breakpoint 4 at 0x4000a972: file dl-runtime.c, line 182. \
(gdb) c \
Continuing. \
Breakpoint 4, 0x4000a972 in _dl_runtime_resolve () at dl-runtime.c:182 \
182 in dl-runtime.c \
(gdb) i reg $eax $esp        //
\f1 \'b4\'cb\'ca\'b1\'a3\'ac
\f0 call 0x4000a740 <fixup>
\f1 \'d6\'b4\'d0\'d0\'cd\'ea\'b1\'cf
\f0 ,$eax
\f1 \'d6\'d0\'b7\'c5\'d7\'c5
\f0 fixup()
\f1 \'b5\'c4\'b7\'b5\'bb\'d8\'d6\'b5
\f0 \cf2 0x4006804c
\f2 \cf0 \

\f0 eax \cf2 0x4006804c\cf0  1074167884 \
esp 0xbffffb64 -1073743004 \
(gdb) disass \cf2 0x4006804c\cf0       //0x4006804c 
\f1 \'ca\'c7
\f0 printf
\f1 \'ba\'af\'ca\'fd\'b5\'c4\'d5\'e6\'ca\'b5\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7
\f2 \

\f0 Dump of assembler code for function printf:\
0x4006804c <printf>:    push   %ebp\
0x4006804d <printf+1>:  mov    %esp,%ebp\
(gdb) x 0x8049488            //
\f1 \'b4\'cb\'ca\'b1\'a3\'ac\'ce\'d2\'c3\'c7\'d4\'d9\'b4\'ce\'b2\'e9\'bf\'b4
\f0 GOT[6]
\f1 \'d6\'d0\'b5\'c4\'d6\'b5\'a3\'ac\'d2\'d1\'b1\'bb\'b8\'c4\'b1\'e4\'ce\'aa
\f0 printf
\f1 \'ba\'af\'ca\'fd\'b5\'c4\'d5\'e6\'ca\'b5\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7
\f2 \

\f0 0x8049488 <_GLOBAL_OFFSET_TABLE_+24>: \cf2 0x4006804c
\f2 \cf0 \
\

\f0 (gdb) si       //
\f1 \'b5\'a5\'b2\'bd\'d6\'b4\'d0\'d0
\f0 : 0x4000a972  xchg %eax,(%esp,1)  
\f1 \cf2 \'b0\'d1
\f0 0x4006804c
\f1 \'d1\'b9\'c8\'eb\'b6\'d1\'d5\'bb
\f2 \cf0 \

\f0 (gdb) i reg $eax $esp $eip\
(gdb) si       //
\f1 \'b5\'a5\'b2\'bd\'d6\'b4\'d0\'d0
\f0 : 0x4000a975  ret $0x8   \cf2 ret
\f1 \'b7\'b5\'bb\'d8\'ca\'b1\'b8\'d5\'ba\'c3\'cc\'f8\'b5\'bd
\f0 0x4006804c
\f1 \'b4\'a6\'d6\'b4\'d0\'d0\'a3\'ac\'d2\'b2\'be\'cd\'ca\'c7\'d6\'b4\'d0\'d0
\f0 printf
\f2 \cf0 \

\f0 (gdb) i reg $eax $esp $eip
\f2 \
\

\f0 (gdb) disass    
\f1\b \cf3 \'a2\'dc
\f0\b0 \cf0  
\f1\b \'a2\'c6
\f0\b0  \
Dump of assembler code for function printf: \
0x4006804c <printf>: push %ebp \
0x4006804d <printf+1>: mov %esp,%ebp \
0x4006804f <printf+3>: push %ebx \
0x40068050 <printf+4>: call 0x40068055 <printf+9> \
0x40068055 <printf+9>: pop %ebx \
0x40068056 <printf+10>: add $0xa2197,%ebx \
0x4006805c <printf+16>: lea 0xc(%ebp),%eax \
0x4006805f <printf+19>: push %eax \
0x40068060 <printf+20>: pushl 0x8(%ebp) \
0x40068063 <printf+23>: mov 0x81c(%ebx),%eax \
0x40068069 <printf+29>: pushl (%eax) \
0x4006806b <printf+31>: call 0x400325b4 \
0x40068070 <printf+36>: mov 0xfffffffc(%ebp),%ebx \
0x40068073 <printf+39>: leave \
0x40068074 <printf+40>: ret \
End of assembler dump. \
(gdb) x/8x 0x8049470 \
0x8049470 <_GLOBAL_OFFSET_TABLE_>: 0x08049490 0x40013ed0 0x4000a960 0x400fa550 \
0x8049480 <_GLOBAL_OFFSET_TABLE_+16>: 0x080482ee 0x400328cc \cf3 0x4006804c\cf0  0x00000000 \
//
\f1 \'bf\'c9\'d2\'d4\'bf\'b4\'b5\'bd
\f0 GOT[6]
\f1 \'d7\'ee\'d6\'d5\'b1\'bb\'d0\'de\'d5\'fd\'ce\'aa
\f0 printf
\f1 \'b5\'c4\'d5\'e6\'ca\'b5\'b5\'d8\'d6\'b7\'a3\'ba
\f0 0x4006804c\
\
\

\f1 \'b5\'da\'d2\'bb\'b4\'ce\'b5\'f7\'d3\'c3
\f0 printf()
\f1 \'b5\'c4\'ca\'b1\'ba\'f2\'d0\'e8\'d2\'aa\'be\'ad\'b9\'fd
\b \cf3 \'a2\'d9
\f0\b0 \cf0 ->
\f1\b \cf3 \'a2\'da
\f0\b0 \cf0 ->
\f1\b \cf3 \'a2\'db
\f0\b0 \cf0 ->
\f1\b \cf3 \'a2\'dc
\f2\b0 \cf0 \

\f1 \'d2\'d4\'ba\'f3\'b5\'f7\'d3\'c3
\f0 printf()
\f1 \'b5\'c4\'ca\'b1\'ba\'f2\'be\'cd\'b2\'bb\'d0\'e8\'d2\'aa\'d5\'e2\'c3\'b4\'b8\'b4\'d4\'d3\'c1\'cb\'a3\'ac\'d6\'bb\'d2\'aa\'be\'ad\'b9\'fd
\b \cf3 \'a2\'d9
\f0\b0 \cf0 ->
\f1\b \cf3 \'a2\'da
\b0 \cf0 \'be\'cd\'bf\'c9\'d2\'d4\'c1\'cb
\f0  \
\
\

\f1 \'ce\'d2\'c3\'c7\'d4\'d9\'c0\'b4\'bf\'b4\'bf\'b4\'b5\'bd\'b5\'d7\'ca\'c7
\f0 rtld
\f1 \'bd\'e2\'ce\'f6\'b7\'fb\'ba\'c5\'c3\'fb\'d7\'d6\'cd\'ea\'b1\'cf\'d6\'ae\'ba\'f3\'ca\'c7\'c8\'e7\'ba\'ce\'d0\'de\'d5\'fd
\f0 GOT[6]
\f1 \'b5\'c4\'a3\'ac\'d2\'b2\'ca\'c7\'be\'cd\'cb\'b5\'c8\'e7\'ba\'ce\'d5\'d2\'b5\'bd\'d2\'aa\'d0\'de\'d5\'fd\'b5\'c4\'b5\'d8\'d6\'b7\'b5\'c4
\f0  (
\f1 \'d2\'d4\'c7\'b0\'ce\'d2\'d4\'da\'d5\'e2\'b5\'e3\'c0\'ed\'bd\'e2\'c9\'cf\'b7\'a2\'c9\'fa\'c1\'cb\'d2\'bb\'d0\'a9\'b1\'c8\'bd\'cf\'b4\'f3\'b5\'c4\'ce\'f3\'bd\'e2\'a3\'ac\'ce\'f3\'b5\'bc\'b8\'f7\'ce\'bb\'b5\'c4\'b5\'d8\'b7\'bd\'bb\'b9\'c7\'eb\'b0\'fc\'ba\'ad
\f0 :) ) \
1
\f1 \'a3\'ba
\f0  \

\f1 \'bd\'f8\'c8\'eb
\f0 PLT[4]
\f1 \'b5\'c4\'ca\'b1\'ba\'f2
\f0  
\f1 \'d6\'b4\'d0\'d0\'d6\'b8\'c1\'ee
\f0  push $0x18 
\f1 \'a3\'ac
\f0 $0x18
\f1 \'ca\'c7
\f0 printf
\f1 \'d4\'da
\f0  .rel.plt section
\f1 \'d6\'d0\'b6\'d4\'d3\'a6\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'b5\'c4\'c6\'ab\'d2\'c6\'c1\'bf\'a1\'a3\'bc\'b4
\f0 \cf2 reloc_offset=0x18
\f1 \cf0 \'a1\'a3
\f2 \
\

\f0 2
\f1 \'a3\'ba
\f0 * reloc 
\f1 \'ce\'aa\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'c4\'bf
\f2 \

\f0 printf
\f1 \'b7\'fb\'ba\'c5\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'b5\'d8\'d6\'b7\'ce\'aa
\f0 JMPREL+$0x18    // elf32_Rel * reloc = JMPREL + reloc_offset\
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'d4\'da
\f0 Dynamic Segment
\f1 \'d6\'d0\'bc\'c7\'d4\'d8\'d7\'c5
\f0 .rel.plt section
\f1 \'b5\'c4\'c6\'f0\'ca\'bc\'b5\'d8\'d6\'b7\'a3\'ba
\f0 \cf2 JMPREL 0x8048278
\f1 \cf0 \'a3\'ac\'b9\'a9\'b6\'af\'cc\'ac\'bc\'d3\'d4\'d8\'c6\'f7\'d6\'d8\'b6\'a8\'ce\'bb\'ca\'b1\'ca\'b9\'d3\'c3\'a1\'a3\'ce\'d2\'c3\'c7\'c0\'b4\'bf\'b4\'bf\'b4\'d4\'da
\f0 .rel.plt section
\f1 \'d6\'d0\'c6\'ab\'d2\'c6\'c1\'bf\'ce\'aa
\f0 0x18
\f1 \'b4\'a6\'b5\'c4\'c4\'da\'c8\'dd\'a3\'ba
\f0 (
\f1 \'d2\'b2\'bf\'c9\'d2\'d4\'d3\'c3
\f0  readelf 
\f2 \'96
\f0 a test 
\f1 \'d6\'b1\'bd\'d3\'b2\'e9\'bf\'b4
\f0  .rel.plt section 
\f1 \'d6\'d0\'b8\'f7\'b8\'f6\'b1\'ed\'cf\'ee\'b5\'c4\'c4\'da\'c8\'dd
\f0 )
\f2 \

\f0 (gdb) x/8x 0x8048278+0x18
\f2 \

\f0 0x8048290: \cf3 0x08049488\cf0  \cf3 0x00000407\cf0  0x53e58955 0x000000e8 \
0x80482a0 <_init+8>: 0xc3815b00 0x000011cf 0x001cbb83 0x74000000\
\
\

\f1 \'d2\'b2\'be\'cd\'ca\'c7\'cb\'b5
\f0 printf
\f1 \'b6\'d4\'d3\'a6\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'c4\'da\'c8\'dd\'ce\'aa\'a3\'ba
\f2 \

\f0 printf_retloc.r_offset=\cf3 0x08049488\cf0 ;   # \cf3 0x08049488\cf0  
\f1 \'ca\'c7\'d6\'d8\'b6\'a8\'ce\'bb\'b5\'c3\'b5\'bd
\f0 printf
\f1 \'b5\'c4\'d5\'e6\'ca\'b5\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7\'ba\'f3\'a3\'ac\'d2\'aa\'d0\'de\'b8\'c4\'cc\'ee\'d0\'b4\'b5\'c4\'ce\'bb\'d6\'c3\'a1\'a3
\f2 \
\pard\pardeftab720\li3800\fi-3800\ri0\partightenfactor0

\f0 \cf0 printf_retloc.r_info=\cf3 0x00000407\cf0 ;     # \cf3 0x00000407\cf0  
\f1 \'d3\'d2\'d2\'c6
\f0 8
\f1 \'ce\'bb\'b5\'c8\'d3\'da
\f0 4
\f1 \'a3\'ac\'b1\'ed\'ca\'be
\f0 printf 
\f1 \'d4\'da
\f0 .dynsym
\f1 \'b7\'fb\'ba\'c5\'b1\'ed\'d6\'d0\'b5\'c4\'cb\'f7\'d2\'fd\'d6\'b5\'ce\'aa
\f0 4
\f1 \'a1\'a3
\f2 \
\pard\pardeftab720\fi3800\ri0\partightenfactor0

\f0 \cf0 \kerning1\expnd0\expndtw0 # ELF32_R_SYM((\expnd0\expndtw0\kerning0
0x00000407)>>8\kerning1\expnd0\expndtw0 ) = 
\f1 \'bd\'ab
\f0 2
\f1 \'bd\'f8\'d6\'c6\'ca\'fd
\f0 100 0000 0111 
\f1 \'d3\'d2\'d2\'c6
\f0 8
\f1 \'ce\'bb
\f0 \
\pard\pardeftab720\fi6800\ri0\partightenfactor0
\cf0 = 2
\f1 \'bd\'f8\'d6\'c6\'ca\'fd
\f0 100 = 4
\f2 \expnd0\expndtw0\kerning0
\
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'d4\'d9\'bf\'b4\'bf\'b4
\f0 0x08049488
\f1 \'ca\'c7\'ca\'b2\'c3\'b4\'b5\'d8\'b7\'bd
\f2 \

\f0 (gdb) x 0x08049488 \
0x8049488 <_GLOBAL_OFFSET_TABLE_+24>: 0x4006804c    //0x08049488
\f1 \'d2\'b2\'be\'cd\'ca\'c7
\f0 GOT[6]
\f1 \'b5\'c4\'b5\'d8\'d6\'b7\'a1\'a3
\f2 \
\

\f0 3: \
void *const rel_addr = (void *)(l->l_addr + reloc->r_offset);  # rel_addr: 
\f1 \'d6\'d8\'b6\'a8\'ce\'bb\'bb\'f1\'c8\'a1\'d5\'e6\'ca\'b5\'b5\'d8\'d6\'b7\'ba\'f3\'a3\'ac\'cc\'ee\'d0\'b4\'d0\'de\'b8\'c4\'b5\'c4\'c4\'bf\'b5\'c4\'b5\'d8\'b5\'d8\'d6\'b7\'a1\'a3\'b6\'d4\'d2\'bb\'b8\'f6\'bf\'c9\'d6\'b4\'d0\'d0\'ce\'c4\'bc\'fe\'b6\'f8\'d1\'d4
\f0 ,rel_addr=reloc->r_offset=0x08049488=GOT[6]
\f1 \'a3\'bb
\f2 \cf3 \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 l
\f1 \'b4\'fa\'b1\'ed
\f0 link_map
\f1 \'c0\'e0\'d0\'cd\'b6\'d4\'cf\'f3\'a3\'bb\'c6\'e4\'b3\'c9\'d4\'b1\'a3\'ba
\f0 l_addr;  /* Base address shared object is loaded at.  */
\f2 \
\

\f0 4
\f1 \'a3\'ba
\f0  \
*reloc_addr = value;\

\f1 \'d0\'de\'d5\'fd\'c1\'cb
\f0 rel_addr
\f1 \'d2\'b2\'be\'cd\'b5\'c8\'d3\'da\'d0\'de\'d5\'fd
\f0 GOT[6]\

\f1 \'d6\'c1\'d3\'da
\f0 value
\f1 \'ca\'c7\'c8\'e7\'ba\'ce\'bc\'c6\'cb\'e3\'b5\'c4\'a3\'ac\'c7\'eb\'b2\'ce\'bf\'bc\'ba\'f3\'c3\'e6\'b5\'c4\'a3\'ba
\f0 glibc
\f1 \'d6\'d0\'b6\'af\'cc\'ac\'bd\'e2\'ce\'f6\'b7\'fb\'ba\'c5\'b5\'c4\'d4\'b4\'b4\'fa\'c2\'eb\'a3\'a8
\f0 glibc 2.1.3
\f1 \'b5\'c4\'ca\'b5\'cf\'d6\'a3\'a9
\f2 \
\

\f1 \'cd\'ac\'ca\'b1
\f0 r_info 
\f1 \'ba\'cd\'b6\'af\'cc\'ac\'b7\'fb\'ba\'c5\'b1\'ed
\f0  .dynsym section 
\f1 \'d6\'d0\'b5\'c4
\f0 1
\f1 \'b8\'f6\'b7\'fb\'ba\'c5\'cf\'e0\'b9\'d8\'c1\'aa\'a3\'ba
\f2 \

\f0 elf32_Sym * sym = &SYMTAB[ elf32_R_SYM (reloc->r_info) ]; \

\f1 \'d2\'b2\'bc\'b4\'a3\'ba
\f0 sym = &SYMTAB[ elf32_R_SYM (0x00000407) ] = &SYMTAB[4]  // 
\f1 \'b6\'d4\'d3\'a6\'b6\'af\'cc\'ac\'b7\'fb\'ba\'c5\'b1\'ed
\f0  .dynsym section
\f1 \'b5\'c4\'b5\'da
\f0 5
\f1 \'b8\'f6\'b1\'ed\'cf\'ee
\f2 \
\

\f1 \'d3\'c3
\f0 readelf 
\f2 \'96
\f0 a ./test 
\f1 \'b2\'e9\'bf\'b4\'d3\'a1\'d6\'a4
\f0 ,
\f1 \'b7\'fb\'ba\'c5
\f0 printf 
\f1 \'c8\'b7\'ca\'b5\'ca\'c7
\f0 .dynsym
\f1 \'b5\'c4\'b5\'da
\f0 5
\f1 \'cf\'ee\'a3\'ba
\f2 \

\f0 Symbol table '.dynsym' contains 7 entries: \
Num: Value  Size Type    Bind   Ot  Ndx  Name \
0: 0        0    NOTYPE  LOCAL  0   UND \
1: 80482d8  116  FUNC    WEAK   0   UND  __register_frame_info@GLIBC_2.0 (2) \
2: 80482e8  162  FUNC    WEAK   0   UND  __deregister_frame_info@GLIBC_2.0 (2) \
3: 80482f8  261  FUNC    GLOBAL 0   UND  __libc_start_main@GLIBC_2.0 (2) \
\pard\pardeftab720\ri0\partightenfactor0
\cf3 4: 8048308  41   FUNC    GLOBAL 0   UND  printf@GLIBC_2.0 (2)\
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 5. \

\f1 \'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed
\f0  .rel.plt section
\f1 \'d6\'d0\'b5\'c4\'c3\'bf\'b8\'f6
\f0 entry
\f1 \'b5\'c4\'bd\'e1\'b9\'b9\'b6\'a8\'d2\'e5\'c8\'e7\'cf\'c2\'a3\'ba
\f2 \

\f0 typedef struct \{ \
\pard\pardeftab720\fi720\ri0\partightenfactor0
\cf0 elf32_Addr r_offset; \
elf32_Word r_info; \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \}
\f0  elf32_Rel;\

\f2 \
\

\itap1\trowd \taflags1 \trgaph108\trleft-108 \trbrdrt\brdrnil \trbrdrl\brdrnil \trbrdrr\brdrnil 
\clvertalc \clshdrawnil \clwWidth2208\clftsWidth3 \clbrdrt\brdrs\brdrw10\brdrcf0 \clbrdrl\brdrs\brdrw10\brdrcf0 \clbrdrb\brdrs\brdrw10\brdrcf0 \clbrdrr\brdrs\brdrw10\brdrcf0 \clpadl100 \clpadr100 \gaph\cellx4320
\clvertalc \clshdrawnil \clwWidth8640\clftsWidth3 \clbrdrt\brdrs\brdrw10\brdrcf0 \clbrdrl\brdrs\brdrw10\brdrcf0 \clbrdrb\brdrs\brdrw10\brdrcf0 \clbrdrr\brdrs\brdrw10\brdrcf0 \clpadl100 \clpadr100 \gaph\cellx8640
\pard\intbl\itap1\pardeftab720\ri0\qj\partightenfactor0
\cf0 r_offset \cell 
\pard\intbl\itap1\pardeftab720\ri0\qj\partightenfactor0

\f1 \cf0 \'b4\'cb\'b3\'c9\'d4\'b1\'b8\'f8\'b3\'f6\'c1\'cb\'d6\'d8\'b6\'a8\'ce\'bb\'b6\'af\'d7\'f7\'cb\'f9\'ca\'ca\'d3\'c3\'b5\'c4\'ce\'bb\'d6\'c3\'a1\'a3\'b6\'d4\'d3\'da\'d2\'bb\'b8\'f6\'bf\'c9\'d6\'d8\'b6\'a8\'ce\'bb\'ce\'c4\'bc\'fe\'b6\'f8\'d1\'d4\'a3\'ac\'b4\'cb\'d6\'b5\'ca\'c7\'b4\'d3\'bd\'da\'c7\'f8\'cd\'b7\'b2\'bf\'bf\'aa\'ca\'bc\'b5\'bd\'bd\'ab\'b1\'bb\'d6\'d8\'b6\'a8\'ce\'bb\'d3\'b0\'cf\'ec\'b5\'c4\'b4\'e6\'b4\'a2\'b5\'a5\'ce\'bb\'d6\'ae\'bc\'e4\'b5\'c4\'d7\'d6\'bd\'da\'c6\'ab\'d2\'c6\'a1\'a3\'b6\'d4\'d3\'da\'bf\'c9\'d6\'b4\'d0\'d0\'ce\'c4\'bc\'fe\'bb\'f2\'d5\'df\'b9\'b2\'cf\'ed\'c4\'bf\'b1\'ea\'ce\'c4\'bc\'fe\'b6\'f8\'d1\'d4\'a3\'ac\'c6\'e4\'c8\'a1\'d6\'b5\'ca\'c7\'b1\'bb\'d6\'d8\'b6\'a8\'ce\'bb\'d3\'b0\'cf\'ec\'b5\'bd\'b5\'c4\'b4\'e6\'b4\'a2\'b5\'a5\'d4\'aa\'b5\'c4\'d0\'e9\'c4\'e2\'b5\'d8\'d6\'b7\'a1\'a3
\f0  \cell \row

\itap1\trowd \taflags1 \trgaph108\trleft-108 \trbrdrl\brdrnil \trbrdrt\brdrnil \trbrdrr\brdrnil 
\clvertalc \clshdrawnil \clwWidth2208\clftsWidth3 \clbrdrt\brdrs\brdrw10\brdrcf0 \clbrdrl\brdrs\brdrw10\brdrcf0 \clbrdrb\brdrs\brdrw10\brdrcf0 \clbrdrr\brdrs\brdrw10\brdrcf0 \clpadl100 \clpadr100 \gaph\cellx4320
\clvertalc \clshdrawnil \clwWidth8640\clftsWidth3 \clbrdrt\brdrs\brdrw10\brdrcf0 \clbrdrl\brdrs\brdrw10\brdrcf0 \clbrdrb\brdrs\brdrw10\brdrcf0 \clbrdrr\brdrs\brdrw10\brdrcf0 \clpadl100 \clpadr100 \gaph\cellx8640
\pard\intbl\itap1\pardeftab720\ri0\qj\partightenfactor0

\f2 \cf0 r_info \cell 
\pard\intbl\itap1\pardeftab720\ri0\qj\partightenfactor0

\f1 \cf0 \'b4\'cb\'b3\'c9\'d4\'b1\'b8\'f8\'b3\'f6\'d2\'aa\'bd\'f8\'d0\'d0\'d6\'d8\'b6\'a8\'ce\'bb\'b5\'c4\'b7\'fb\'ba\'c5\'b1\'ed\'cb\'f7\'d2\'fd\'a3\'ac\'d2\'d4\'bc\'b0\'bd\'ab\'ca\'b5\'ca\'a9\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'c0\'e0\'d0\'cd\'a1\'a3\'c0\'fd\'c8\'e7\'d2\'bb\'b8\'f6\'b5\'f7\'d3\'c3\'d6\'b8\'c1\'ee\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'cf\'ee\'bd\'ab\'b0\'fc\'ba\'ac\'b1\'bb\'b5\'f7\'d3\'c3\'ba\'af\'ca\'fd\'b5\'c4\'b7\'fb\'ba\'c5\'b1\'ed\'cb\'f7\'d2\'fd\'a1\'a3\'c8\'e7\'b9\'fb\'cb\'f7\'d2\'fd\'ca\'c7
\f0  
\f2 STN_UNDEF
\f1 \'a3\'ac\'c4\'c7\'c3\'b4\'d6\'d8\'b6\'a8\'ce\'bb\'ca\'b9\'d3\'c3
\f0  
\f2 0 
\f1 \'d7\'f7\'ce\'aa
\f2 \'93
\f1 \'b7\'fb\'ba\'c5\'d6\'b5
\f2 \'94
\f1 \'a1\'a3\'d6\'d8\'b6\'a8\'ce\'bb\'c0\'e0\'d0\'cd\'ca\'c7\'ba\'cd\'b4\'a6\'c0\'ed\'c6\'f7\'cf\'e0\'b9\'d8\'b5\'c4\'a1\'a3\'b5\'b1\'b3\'cc\'d0\'f2\'b4\'fa\'c2\'eb\'d2\'fd\'d3\'c3\'d2\'bb\'b8\'f6\'d6\'d8\'b6\'a8\'ce\'bb\'cf\'ee\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'c0\'e0\'d0\'cd\'bb\'f2\'d5\'df\'b7\'fb\'ba\'c5\'b1\'ed\'cb\'f7\'d2\'fd\'a3\'ac\'d4\'f2\'b1\'ed\'ca\'be\'b6\'d4\'b1\'ed\'cf\'ee\'b5\'c4
\f0  r_info 
\f1 \'b3\'c9\'d4\'b1\'d3\'a6\'d3\'c3
\f0  ELF32_R_TYPE 
\f1 \'bb\'f2\'d5\'df
\f0  ELF32_R_SYM 
\f1 \'b5\'c4\'bd\'e1\'b9\'fb\'a1\'a3
\f2 \

\f0 #define ELF32_R_SYM(i) ((i)>>8)
\f2 \

\f0 #define ELF32_R_TYPE(i) ((unsigned char)(i))
\f2 \

\f0 #define ELF32_R_INFO(s, t) (((s)<<8) + (unsigned char)(t))
\f2 \cell \lastrow\row
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 .rel.plt section
\f1 \'a3\'ba\'b4\'e6\'b7\'c5\'d0\'e8\'d2\'aa\'d6\'d8\'b6\'a8\'ce\'bb\'b5\'c4\'cf\'ee\'c4\'bf\'a1\'a3
\f0  
\f1 \'b1\'e4\'c1\'bf
\f0 /
\f1 \'ba\'af\'ca\'fd\'ca\'c7\'d2\'bb\'b8\'f6\'b7\'fb\'ba\'c5\'a3\'ac\'d6\'d8\'b6\'a8\'ce\'bb\'c9\'e6\'bc\'b0
\f0 2
\f1 \'b7\'bd\'c3\'e6\'d0\'c5\'cf\'a2\'a1\'a3
\f0 1
\f1 \'a1\'a3\'b7\'fb\'ba\'c5\'b5\'c4\'d0\'c5\'cf\'a2\'bc\'c7\'c2\'bc\'d4\'da\'d2\'bb\'b8\'f6\'b7\'fb\'ba\'c5\'b1\'ed\'c0\'ef\'a3\'ac
\f0 2
\f1 \'a1\'a3\'b7\'fb\'ba\'c5\'cb\'f9\'c9\'e6\'bc\'b0\'b5\'c4\'b5\'d8\'d6\'b7
\f0  
\f1 \'b6\'d4\'d3\'a6\'b5\'c4\'bd\'da\'c7\'f8\'a1\'a3
\f2 \

\f0 .rel.plt section
\f1 \'b5\'c4
\f0  sh_link
\f1 \'ca\'f4\'d0\'d4
\f0 :
\f1 \'b7\'fb\'ba\'c5\'d4\'da\'c4\'c4\'b8\'f6\'b7\'fb\'ba\'c5\'b1\'ed\'c0\'ef
\f0  (
\f1 \'b1\'c8\'c8\'e7
\f0 .dynsym secion)
\f1 \'a1\'a3
\f0    sh_info: 
\f1 \'b7\'fb\'ba\'c5\'b5\'c4\'b5\'d8\'d6\'b7\'cb\'f9\'c9\'e6\'bc\'b0\'b5\'c4\'bd\'da\'c7\'f8
\f0 (.plt section)
\f1 \'a1\'a3\'d0\'e8\'d2\'aa\'d6\'d8\'b6\'a8\'ce\'bb\'b2\'d9\'d7\'f7\'b5\'c4\'bd\'da\'c7\'f8\'b5\'c4\'bd\'da\'c7\'f8\'ba\'c5\'a1\'a3\'b1\'ed\'ca\'be\'b8\'c3\'bd\'da\'c7\'f8\'b5\'c4\'c4\'da\'c8\'dd
\f0 (
\f1 \'b1\'e4\'c1\'bf
\f0 /
\f1 \'bb\'f2\'ba\'af\'ca\'fd\'b7\'fb\'ba\'c5\'b5\'d8\'d6\'b7
\f0 )
\f1 \'b2\'bb\'c3\'f7\'c8\'b7\'a3\'ac\'d0\'e8\'d2\'aa\'bd\'f8\'d0\'d0\'d6\'d8\'b6\'a8\'ce\'bb\'b2\'d9\'d7\'f7\'a1\'a3
\f2 \

\f0 .rel.plt
\f1 \'b5\'c4\'c3\'bf\'b8\'f6\'d6\'d8\'b6\'a8\'ce\'bb\'cf\'ee\'b5\'c4\'ca\'f4\'d0\'d4\'a3\'ba
\f0 r_offset 
\f1 \'b1\'ed\'ca\'be\'b7\'fb\'ba\'c5\'d6\'d8\'b6\'a8\'ce\'bb\'cd\'ea\'b1\'cf\'a3\'ac\'bd\'e1\'b9\'fb\'d2\'aa\'d0\'de\'b8\'c4\'cc\'ee\'d0\'b4\'b5\'bd\'c4\'c4\'c0\'ef\'a1\'a3
\f0 r_info 
\f1 \'b1\'ed\'ca\'be\'b7\'fb\'ba\'c5\'d4\'da\'b7\'fb\'ba\'c5\'b1\'ed\'c0\'ef\'b5\'c4\'c6\'ab\'d2\'c6\'c1\'bf\'a1\'a3
\f2 \
\
\pard\pardeftab720\ri0\partightenfactor0

\f1\b \cf0 \'b8\'bd
\f0  glibc
\f1 \'b5\'c4\'b4\'fa\'c2\'eb\'b2\'ce\'bf\'bc\'a3\'ba
\f2 \
\pard\pardeftab720\ri0\partightenfactor0

\f0\b0 \cf0 1.\
glibc-2.2.4-18.7.0.6 
\f1 \'b5\'c4
\f0  link_map
\f1 \'b5\'c4\'b6\'a8\'d2\'e5\'c8\'e7\'cf\'c2\'a3\'ba
\f2 \

\f0 /usr/include/link.h  link_map
\f1 \'b6\'a8\'d2\'e5\'c8\'e7\'cf\'c2\'a3\'ba
\f2 \

\f0 struct link_map\
  \{\
    /* These first few members are part of the protocol with the debugger.\
       This is the same format used in SVR4.  */\
\
    ElfW(Addr) l_addr;          /* Base address shared object is loaded at.  */\
    char *l_name;               /* Absolute file name object was found in.  */\
    ElfW(Dyn) *l_ld;            /* Dynamic section of the shared object.  */\
    struct link_map *l_next, *l_prev; /* Chain of loaded objects.  */\
  \};\
\

\f1 \'ba\'cd
\f0 glibc 2.1.3 
\f1 \'d6\'d0
\f0 link_map
\f1 \'b5\'c4\'b6\'a8\'d2\'e5\'d3\'d0\'cb\'f9\'b2\'bb\'cd\'ac\'a1\'a3\'bd\'f6\'b9\'a9\'b2\'ce\'bf\'bc\'a1\'a3
\f2 \
\
\

\f0 2.\
.dynamic 
\f1 \'bd\'da\'c7\'f8\'a3\'ba\'c8\'e7\'b9\'fb\'d2\'bb\'b8\'f6\'c4\'bf\'b1\'ea\'ce\'c4\'bc\'fe\'b2\'ce\'d3\'eb\'b6\'af\'cc\'ac\'c1\'b4\'bd\'d3\'a3\'ac\'cb\'fc\'b5\'c4\'b3\'cc\'d0\'f2\'cd\'b7\'b2\'bf\'b1\'ed\'bd\'ab\'b0\'fc\'ba\'ac\'c0\'e0\'d0\'cd\'ce\'aa
\f0  PT_DYNAMIC 
\f1 \'b5\'c4\'b6\'ce\'a1\'a3\'b4\'cb
\f0 \'93
\f1 \'b6\'ce
\f0 \'94
\f1 \'b0\'fc\'ba\'ac
\f0  .dynamic 
\f1 \'bd\'da\'c7\'f8\'a1\'a3\'b8\'c3\'bd\'da\'c7\'f8\'b2\'c9\'d3\'c3\'d2\'bb\'b8\'f6\'cc\'d8\'ca\'e2\'b7\'fb\'ba\'c5
\f0 _DYNAMIC 
\f1 \'c0\'b4\'b1\'ea\'bc\'c7\'a3\'ac\'c6\'e4\'d6\'d0\'b0\'fc\'ba\'ac\'cf\'c2\'c1\'d0\'bd\'e1\'b9\'b9\'b5\'c4\'ca\'fd\'d7\'e9\'a1\'a3
\f2 \
\

\f0  typedef struct \{\
 	Elf32_Sword d_tag;\
 	union \{\
 		Elf32_Word  d_val;\
 		Elf32_Addr  d_ptr;\
 	\} d_un;\
 \} Elf32_Dyn;\
 \
 extern Elf32_Dyn  _DYNAMIC[];\
 \
\

\f1 \'b6\'d4\'c3\'bf\'b8\'f6\'d5\'e2\'d6\'d6\'c0\'e0\'d0\'cd\'b5\'c4\'b6\'d4\'cf\'f3\'a3\'ac
\f0 d_tag 
\f1 \'bf\'d8\'d6\'c6
\f0  d_un 
\f1 \'b5\'c4\'bd\'e2\'ca\'cd\'ba\'ac\'d2\'e5\'a3\'ba
\f0 DT_ 
\f1 \'ca\'c7
\f0  dynamic type 
\f1 \'b5\'c4\'cb\'f5\'d0\'b4
\f2 \

\f0 d_val : 
\f1 \'b4\'cb
\f0  Elf32_Word 
\f1 \'b6\'d4\'cf\'f3\'b1\'ed\'ca\'be\'d2\'bb\'b8\'f6\'d5\'fb\'ca\'fd\'d6\'b5\'a3\'ac\'bf\'c9\'d2\'d4\'d3\'d0\'b6\'e0\'d6\'d6\'bd\'e2\'ca\'cd\'a1\'a3
\f2 \

\f0 d_ptr : 
\f1 \'b4\'cb
\f0  Elf32_Addr 
\f1 \'b6\'d4\'cf\'f3\'b4\'fa\'b1\'ed\'b3\'cc\'d0\'f2\'b5\'c4\'d0\'e9\'c4\'e2\'b5\'d8\'d6\'b7\'a1\'a3
\f2 \
\
\

\f1 \'b6\'af\'cc\'ac\'ca\'fd\'d7\'e9\'b1\'ea\'bc\'c7\'a3\'ba
\f0 d_tag 
\f1 \'c0\'e0\'d0\'cd\'b1\'ed
\f2 \

\f1 \'c3\'fb\'b3\'c6
\f0      
\f1 \'ca\'fd\'d6\'b5
\f0    d_un   
\f1 \'bf\'c9\'d6\'b4\'d0\'d0
\f0    
\f1 \'b9\'b2\'cf\'ed\'c4\'bf\'b1\'ea
\f0   
\f1 \'cb\'b5\'c3\'f7
\f0  \
DT_NULL     0   
\f1 \'ba\'f6\'c2\'d4
\f0    
\f1 \'b1\'d8\'d0\'e8
\f0      
\f1 \'b1\'d8\'d0\'e8
\f0       
\f1 \'b1\'ea\'bc\'c7\'ce\'aa
\f0  DT_NULL 
\f1 \'b5\'c4\'cf\'ee\'c4\'bf\'b1\'ea\'d7\'a2\'c1\'cb\'d5\'fb\'b8\'f6
\f0  _DYNAMIC 
\f1 \'ca\'fd\'d7\'e9\'b5\'c4\'c4\'a9\'b6\'cb\'a1\'a3
\f0  \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \'85\
\'85\
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 DT_STRTAB   5   d_ptr  
\f1 \'b1\'d8\'d0\'e8
\f0      
\f1 \'b1\'d8\'d0\'e8
\f0       
\f1 \'b4\'cb\'d4\'aa\'cb\'d8\'b0\'fc\'ba\'ac\'d7\'d6\'b7\'fb\'b4\'ae\'b1\'ed\'b5\'c4\'b5\'d8\'d6\'b7\'a3\'ac\'b7\'fb\'ba\'c5\'c3\'fb\'a1\'a2\'bf\'e2\'c3\'fb\'a1\'a2\'ba\'cd\'c6\'e4\'cb\'fb\'d7\'d6\'b7\'fb\'b4\'ae\'b6\'bc\'b0\'fc\'ba\'ac\'d4\'da\'b4\'cb\'b1\'ed\'d6\'d0\'a1\'a3
\f0  \
\pard\pardeftab720\ri0\partightenfactor0
\cf3 DT_SYMTAB\cf0    6   d_ptr  
\f1 \'b1\'d8\'d0\'e8
\f0      
\f1 \'b1\'d8\'d0\'e8
\f0       
\f1 \'b4\'cb\'d4\'aa\'cb\'d8\'b0\'fc\'ba\'ac\'b7\'fb\'ba\'c5\'b1\'ed\'b5\'c4\'b5\'d8\'d6\'b7\'a1\'a3\'b6\'d4
\f0  32 
\f1 \'ce\'bb\'b5\'c4\'ce\'c4\'bc\'fe\'b6\'f8\'d1\'d4\'a3\'ac\'d5\'e2\'b8\'f6\'b7\'fb\'ba\'c5\'b1\'ed\'d6\'d0\'b5\'c4\'cc\'f5\'c4\'bf\'ca\'c7
\f0  Elf32_Sym 
\f1 \'c0\'e0\'d0\'cd\'a1\'a3
\f2 \
\'85\
\'85\
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'d3\'c3
\f0 readelf 
\f2 \'96
\f0 a ./test 
\f1 \'bf\'c9\'d2\'d4\'b2\'e9\'bf\'b4\'a3\'ba
\f0 .dynamic section :\
Dynamic segment at offset 0x53c contains 20 entries:\
  Tag        Type                         Name/Value\
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \kerning1\expnd0\expndtw0  0x00000001 (NEEDED)                     Shared library: [libc.so.6]\
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \expnd0\expndtw0\kerning0
 0x0000000c (INIT)                       0x8048298\
 0x0000000d (FINI)                       0x804841c\
 0x00000004 (HASH)                       0x8048128\
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \kerning1\expnd0\expndtw0  0x00000005 (STRTAB)                     0x80481c8\
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \expnd0\expndtw0\kerning0
 0x00000006 (\cf3 SYMTAB\cf0 )                     \cf3 0x8048158\cf0     # 
\f1 \'d6\'b8\'cf\'f2
\f0  .dynsym section\
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \'85\
\'85\
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'d2\'f2\'b4\'cb\'a3\'ba
\f0 symtab = (const void *) l->l_info[DT_SYMTAB]->d_un.d_ptr;   
\f1 \'bc\'c6\'cb\'e3\'bb\'f1\'b5\'c3\'ca\'c7
\f0 .dynsym section 
\f1 \'b5\'c4\'ca\'d7\'b5\'d8\'d6\'b7
\f2 \
\
\
\

\f1 \'a1\'ef\'a1\'ef\'a1\'ef
\f0  glibc
\f1 \'d6\'d0\'b6\'af\'cc\'ac\'bd\'e2\'ce\'f6\'b7\'fb\'ba\'c5\'b5\'c4\'d4\'b4\'b4\'fa\'c2\'eb\'a3\'a8
\f0 glibc 2.1.3
\f1 \'b5\'c4\'ca\'b5\'cf\'d6\'a3\'a9
\f0  \
\
.text \
.globl _dl_runtime_resolve   // 
\f1 \'bf\'c9\'d2\'d4\'d3\'c3
\f0  readelf -a /lib/ld-2.2.4.so 
\f1 \'b2\'e9\'bf\'b4
\f0 _dl_runtime_resolve
\f1 \'b5\'c4\'b7\'fb\'ba\'c5\'d0\'c5\'cf\'a2
\f2 \

\f0 .type _dl_runtime_resolve, @function \
.align 16 \
_dl_runtime_resolve: \
pushl %eax            # Preserve registers otherwise clobbered. \
pushl %ecx \
pushl %edx \
movl 16(%esp), %edx   # Copy args pushed by PLT in register. Note   #
\f1 \'b2\'ce\'ca\'fd
\f0 1
\f1 \'a3\'ba
\f0 16(%esp)
\f1 \'be\'cd\'ca\'c7\'d4\'da
\f0 PLT[4]
\f1 \'b4\'a6
\f0 push
\f1 \'b5\'c4
\f0 0x18
\f2 \

\f0 movl 12(%esp), %eax   # that 
\f2 \'91
\f0 fixup' takes its parameters in regs.  #
\f1 \'b2\'ce\'ca\'fd
\f0 2
\f1 \'a3\'ba
\f0 12(%esp)
\f1 \'be\'cd\'ca\'c7\'d4\'da
\f0 PLT[0]
\f1 \'b4\'a6
\f0 pushl
\f1 \'b5\'c4
\f0 GOT[1]
\f2 \

\f0 call fixup            # Call resolver. \
popl %edx             # Get register content back. \
popl %ecx \
xchgl %eax, (%esp)    # Get %eax contents and store function address. #fixup
\f1 \'bd\'e2\'ce\'f6\'b3\'f6\'ba\'af\'ca\'fd\'d5\'e6\'ca\'b5\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7\'b7\'c5\'d4\'da
\f0 %eax
\f1 \'d6\'d0
\f2 \

\f0 ret $8                # Jump to function address. \
\
static elfW(Addr) __attribute__ ((unused)) \
\
fixup ( \
# ifdef elf_MACHINE_RUNTIME_FIXUP_ARGS \
elf_MACHINE_RUNTIME_FIXUP_ARGS, \
# endif \
struct link_map *l, elfW(Word) reloc_offset)  // *l = GOT[1]; reloc_offset = 0x18\
\{ \
\pard\pardeftab720\fi405\ri0\partightenfactor0
\cf2 /*  *l 
\f1 \'ca\'c7\'d2\'bb\'b8\'f6
\f0 link_map
\f1 \'bd\'e1\'b9\'b9\'a1\'a3
\f0 l_info 
\f1 \'bf\'bd\'b1\'b4\'c1\'cb
\f0  .dynamic section
\f1 \'c4\'da\'c8\'dd\'a3\'bb\'cf\'ea\'bc\'fb\'a1\'b6
\f0 Linux 
\f1 \'b6\'af\'cc\'ac\'c1\'b4\'bd\'d3\'bb\'fa\'d6\'c6\'d1\'d0\'be\'bf\'bc\'b0\'d3\'a6\'d3\'c3
\f0 .pdf
\f1 \'a1\'b7
\f0 */\
\pard\pardeftab720\fi400\ri0\partightenfactor0
\cf0 const elfW(Sym) *const symtab = (const void *) l->l_info[DT_SYMTAB]->d_un.d_ptr; \cf2 /* 
\f1 \'bc\'c6\'cb\'e3\'bb\'f1\'b5\'c3
\f0 .dynsym section
\f1 \'ca\'d7\'b5\'d8\'d6\'b7
\f0  */
\f2 \cf0 \

\f0 const char *strtab = (const void *) l->l_info[DT_STRTAB]->d_un.d_ptr; \cf2 /* 
\f1 \'bc\'c6\'cb\'e3\'bb\'f1\'b5\'c3
\f0 .dynstr section
\f1 \'ca\'d7\'b5\'d8\'d6\'b7
\f0  */
\f2 \cf0 \

\f0 const PLTREL *const reloc = (const void *) (l->l_info[DT_JMPREL]->d_un.d_ptr + reloc_offset);  \cf2 /* 
\f1 \'bc\'c6\'cb\'e3\'bb\'f1\'b5\'c3\'b5\'c4
\f0 reloc
\f1 \'ca\'c7
\f0  printf
\f1 \'b7\'fb\'ba\'c5\'d4\'da
\f0 .rel.plt section 
\f1 \'d6\'d0\'b6\'d4\'d3\'a6\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee
\f0   */
\f2 \cf0 \

\f0 const elfW(Sym) *sym = &symtab[elfW(R_SYM) (reloc->r_info)];  \cf2 /* 
\f1 \'bc\'c6\'cb\'e3\'bb\'f1\'b5\'c3
\f0 printf
\f1 \'b7\'fb\'ba\'c5\'d4\'da
\f0 .dynsym section
\f1 \'d6\'d0\'b5\'c4\'b6\'d4\'d3\'a6\'b5\'c4\'b7\'fb\'ba\'c5\'b1\'ed\'cf\'ee\'cb\'f7\'d2\'fd\'a3\'bb
\f0 R_SYM
\f1 \'ba\'ea\'bc\'c6\'cb\'e3\kerning1\expnd0\expndtw0 \'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'b6\'d4\'d3\'a6\'b5\'c4\'b7\'fb\'ba\'c5\'b1\'ed\'cf\'ee\'cb\'f7\'d2\'fd
\f0 \expnd0\expndtw0\kerning0
 */\cf0  \
\pard\pardeftab720\li199\fi200\ri0\partightenfactor0
\cf0 void *const rel_addr = (void *)(l->l_addr + reloc->r_offset);  \cf2 /* rel_addr: 
\f1 \'d6\'d8\'b6\'a8\'ce\'bb\'bb\'f1\'c8\'a1\'d5\'e6\'ca\'b5\'b5\'d8\'d6\'b7\'ba\'f3\'a3\'ac\'cc\'ee\'d0\'b4\'d0\'de\'b8\'c4\'b5\'c4\'c4\'bf\'b5\'c4\'b5\'d8\'b5\'d8\'d6\'b7\'a1\'a3\'b6\'d4\'d2\'bb\'b8\'f6\'bf\'c9\'d6\'b4\'d0\'d0\'ce\'c4\'bc\'fe\'b6\'f8\'d1\'d4
\f0 ,rel_addr=reloc->r_offset=0x08049488=GOT[6]
\f1 \'a3\'bb
\f0  */
\f2 \cf0 \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0

\f0 \cf0 elfW(Addr) value; \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0

\f0 \cf0 /* The use of 
\f2 \'91
\f0 alloca' here looks ridiculous but it helps. The goal is \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 to prevent the function from being inlined and thus optimized out. \
There is no official way to do this so we use this trick. gcc never \
inlines functions which use 
\f2 \'91
\f0 alloca'. */ \
\pard\pardeftab720\fi400\ri0\partightenfactor0
\cf0 alloca (sizeof (int)); \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0

\f0 \cf0 /* Sanity(
\f1 \'d0\'c4\'d6\'c7\'bd\'a1\'c8\'ab
\f0 ) check that we're really looking at a PLT relocation. */ \
assert (elfW(R_TYPE)(reloc->r_info) == elf_MACHINE_JMP_SLOT); \cf2 /*
\f1 \'bd\'a1\'d7\'b3\'d0\'d4\'bc\'ec\'b2\'e9\'a3\'bb
\f0  R_TYPE
\f1 \'ba\'ea\'bc\'c6\'cb\'e3\'d6\'d8\'b6\'a8\'ce\'bb\'b1\'ed\'cf\'ee\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'c0\'e0\'d0\'cd\'a3\'ac
\f0 .rel.plt
\f1 \'d6\'d8\'b6\'a8\'ce\'bb\'cf\'ee\'b5\'c4\'d6\'d8\'b6\'a8\'ce\'bb\'c0\'e0\'d0\'cd\'b6\'bc\'ca\'c7
\f0 R_386_JUMP_SLOT
\f1 \'c0\'e0\'d0\'cd
\f0  */ 
\f2 \cf0 \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0

\f0 \cf0 /* Look up the target symbol. */ \
switch (l->l_info[VERSYMIDX (DT_VERSYM)] != NULL)\
\pard\pardeftab720\fi400\ri0\partightenfactor0

\f2 \cf0 \{
\f0  \cf2 /* DT_VERSYM 
\f1 \'b6\'d4\'d3\'a6
\f0  .gnu.version section
\f1 \'a3\'ac
\f0  
\f1 \'d3\'c3
\f0 readelf 
\f2 \'96
\f0 a ./test 
\f1 \'bf\'c9\'d2\'d4\'d5\'d2\'b5\'bd\'b4\'cb\'c0\'e0
\f0  section
\f1 \'a3\'ac\'a1\'b6
\f0 elf
\f1 \'b9\'e6\'b7\'b6\'a1\'b7\'c3\'bb\'d3\'d0\'cc\'e1\'bc\'b0
\f0  */\
\pard\pardeftab720\fi600\ri0\partightenfactor0
\cf2 /* .gnu.version 
\f1 \'c0\'ef\'b5\'c4\'c3\'bf\'d2\'bb\'cf\'ee\'b6\'bc\'b6\'d4\'d3\'a6
\f0 .dynsym 
\f1 \'d6\'d0\'b5\'c4\'d2\'bb\'b8\'f6\'b7\'fb\'ba\'c5\'a3\'bb\'c3\'bf\'b8\'f6\'b1\'ed\'cf\'ee\'b5\'c4\'c4\'da\'c8\'dd\'ce\'aa\'a3\'ba
\f0 hash
\f1 \'d6\'b5\'a1\'a2
\f0 glibc
\f1 \'b0\'e6\'b1\'be\'bb\'f2
\f0 global/local
\f1 \'b0\'f3\'b6\'a8\'ca\'f4\'d0\'d4
\f0  */
\f2 \cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0
\cf0 \
\pard\pardeftab720\fi800\ri0\partightenfactor0

\f0 \cf0 default: \
\{ \
\pard\pardeftab720\fi1200\ri0\partightenfactor0
\cf0 const elfW(Half) *vernum = (const void *) l->l_info[VERSYMIDX (DT_VERSYM)]->d_un.d_ptr;  \cf2 /* 
\f1 \'bc\'c6\'cb\'e3\'bb\'f1\'b5\'c3
\f0 glibc
\f1 \'b0\'e6\'b1\'be\'ba\'c5
\f0 ?? */
\f2 \cf0 \

\f0 elfW(Half) ndx = vernum[elfW(R_SYM) (reloc->r_info)];  \cf2  \cf0  \cf2 /* 
\f1 \'bc\'c6\'cb\'e3\'bb\'f1\'b5\'c3
\f0 printf
\f1 \'b7\'fb\'ba\'c5\'d4\'da
\f0 .gnu.version
\f1 \'d6\'d0\'b6\'d4\'d3\'a6
\f0 hash
\f1 \'b1\'ed\'cf\'ee\'b5\'c4\'cb\'f7\'d2\'fd
\f0 ndx
\f1 \'a3\'ac\'b4\'cb\'b1\'ed\'cf\'ee\'b7\'c5\'d7\'c5
\f0 printf
\f1 \'b7\'fb\'ba\'c5\'b6\'d4\'d3\'a6\'b5\'c4
\f0 glibc
\f1 \'b0\'e6\'b1\'be\'ba\'c5
\f0 ?? 
\f1 \'a3\'bb
\f0 R_SYM
\f1 \'ba\'ea\'bc\'c6\'cb\'e3\'d0\'e8\'d2\'aa\kerning1\expnd0\expndtw0 \'d6\'d8\'b6\'a8\'ce\'bb\'b5\'c4\'b7\'fb\'ba\'c5\'cb\'f9\'b6\'d4\'d3\'a6\'b5\'c4\'b7\'fb\'ba\'c5\'b1\'ed\'cf\'ee\'cb\'f7\'d2\'fd
\f0 \expnd0\expndtw0\kerning0
*/
\f2 \cf0 \

\f0 const struct r_found_version *version = &l->l_versions[ndx];  \cf2 /* 
\f1 \'bc\'c6\'cb\'e3\'bb\'f1\'b5\'c3
\f0 printf
\f1 \'b7\'fb\'ba\'c5\'b6\'d4\'d3\'a6\'b5\'c4
\f0 glibc
\f1 \'b0\'e6\'b1\'be\'ba\'c5
\f0 ?? */
\f2 \cf0 \

\f0 if (version->hash != 0) \
\{ \
\pard\pardeftab720\fi1400\ri0\partightenfactor0
\cf0 value = _dl_lookup_versioned_symbol(strtab + sym->st_name, &sym, l->l_scope, l->l_name, version, elf_MACHINE_JMP_SLOT);   \cf2 /* 
\f1 \'d5\'e6\'d5\'fd\'b5\'c4\'b7\'fb\'ba\'c5\'b5\'d8\'d6\'b7\'ca\'fd\'d6\'b5\'bd\'e2\'ce\'f6\'ba\'af\'ca\'fd\'d4\'da\'b4\'cb\'a3\'a1
\f0 value
\f1 \'ca\'c7\'d6\'d8\'b6\'a8\'ce\'bb\'b3\'f6
\f0 printf
\f1 \'b5\'c4\'d7\'ee\'d6\'d5\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7\'a1\'a3\'d7\'ee\'d6\'d5\'bd\'ab\'b1\'a3\'b4\'e6\'b5\'bd
\f0 rel_addr
\f1 \'c0\'ef\'c3\'e6
\f0  */
\f2 \cf0 \

\f0 break; \
\pard\pardeftab720\fi1200\ri0\partightenfactor0

\f2 \cf0 \}
\f0  \
\pard\pardeftab720\fi800\ri0\partightenfactor0

\f2 \cf0 \}\
\
\pard\pardeftab720\fi800\ri0\partightenfactor0

\f0 \cf0 case 0: \
value = _dl_lookup_symbol (strtab + sym->st_name, &sym, l->l_scope, l->l_name, elf_MACHINE_JMP_SLOT);   \cf2 /* 
\f1 \'d5\'e6\'d5\'fd\'b5\'c4\'b7\'fb\'ba\'c5\'b5\'d8\'d6\'b7\'ca\'fd\'d6\'b5\'bd\'e2\'ce\'f6\'ba\'af\'ca\'fd\'d4\'da\'b4\'cb\'a3\'a1
\f0  */
\f2 \cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0
\cf0 \}
\f0  \
\pard\pardeftab720\ri0\partightenfactor0
\cf0 /*
\f1 \'b4\'cb\'ca\'b1
\f0 value
\f1 \'ce\'aa
\f0 object
\f1 \'d7\'b0\'d4\'d8\'c4\'da\'b4\'e6\'b5\'c4\'bb\'f9\'b5\'d8\'d6\'b7
\f0 */ \
\pard\pardeftab720\fi400\ri0\partightenfactor0
\cf0 /* Currently value contains the base load address of the object that defines sym. Now add in the symbol offset. */ \
value = (sym ? value + sym->st_value : 0); /*
\f1 \'ba\'af\'ca\'fd\'b5\'c4\'be\'f8\'b6\'d4\'b5\'d8\'d6\'b7
\f0 */ \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0

\f0 \cf0 /* And now perhaps the relocation addend. */ \
value = elf_machine_plt_value (l, reloc, value); /*
\f1 \'bf\'c9\'c4\'dc\'bb\'b9\'d0\'e8\'d2\'aa\'b4\'a6\'c0\'ed\'d2\'bb\'cf\'c2\'d6\'d8\'b6\'a8\'ce\'bb\'bc\'d3\'ca\'fd
\f0 */ \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0

\f0 \cf0 /* Finally, fix up the plt itself. */ \
elf_machine_fixup_plt (l, reloc, rel_addr, value); /*
\f1 \'d0\'de\'d5\'fd
\f0 rel_addr
\f1 \'a3\'ac\'d2\'bb\'b0\'e3\'c0\'b4\'cb\'b5
\f0 rel_addr=GOT[N]*/ \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\fi400\ri0\partightenfactor0

\f0 \cf0 return value;  /* value
\f1 \'d7\'ee\'d6\'d5\'b5\'c8\'d3\'da
\f0 printf
\f1 \'b5\'c4\'d5\'e6\'ca\'b5\'c4\'da\'b4\'e6\'b5\'d8\'d6\'b7\'a3\'ac\'b7\'b5\'bb\'d8\'ca\'b1\'b4\'e6\'b7\'c5\'d4\'da
\f0 %eax
\f1 \'d6\'d0
\f0  */\
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \}
\f0  \
\
\
static inline elf32_Addr elf_machine_plt_value (struct link_map *map, const elf32_Rela *reloc, elf32_Addr value) \
\{ \
\pard\pardeftab720\fi400\ri0\partightenfactor0
\cf0 return value + reloc->r_addend; \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \}
\f0  \
\
/* Fixup a PLT entry to bounce directly to the function at VALUE. */ \
static inline void elf_machine_fixup_plt (struct link_map *map, const elf32_Rel *reloc, elf32_Addr *reloc_addr, elf32_Addr value) \
\{ \
\pard\pardeftab720\fi400\ri0\partightenfactor0
\cf0 *reloc_addr = value; \
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \}
\f0  \
\
\
\pard\pardeftab720\ri0\partightenfactor0

\f1 \cf0 \'d4\'d9\'bd\'f8\'d2\'bb\'b2\'bd\'cb\'d1\'cb\'f7\'a3\'ba\'c9\'cf\'c3\'e6\'ce\'d2\'c3\'c7\'bf\'b4\'b5\'bd
\f0  fixup
\f1 \'bb\'b9\'b2\'bb\'ca\'c7\'d7\'ee\'d6\'d5\'b5\'c4
\f0  
\f1 \'b7\'fb\'ba\'c5\'bd\'e2\'ce\'f6\'ba\'af\'ca\'fd\'a3\'ac\'d3\'a6\'b8\'c3\'ca\'c7
\f0 _dl_lookup_versioned_symbol 
\f1 \'ba\'cd
\f0  _dl_lookup_symbol
\f1 \'a3\'ac\'cf\'d6\'d4\'da\'ce\'d2\'c3\'c7\'c0\'b4\'d1\'b0\'d5\'d2\'d5\'e2
\f0 2
\f1 \'b8\'f6\'ba\'af\'ca\'fd\'b5\'bd\'b5\'d7\'d4\'da\'c4\'c4\'c0\'ef\'a3\'ba
\f2 \
\

\f0 # grep -r -s dl_lookup_symbol /usr/lib\
Binary file /usr/lib/libc.a matches\
Binary file /usr/lib/libc_p.a matches\
# grep -r -s dl_lookup_symbol /lib\
Binary file /lib/ld-linux.so.2 matches\
Binary file /lib/libc.so.6 matches\
Binary file /lib/ld-2.2.4.so matches\
Binary file /lib/libc-2.2.4.so matches\
# ls -l /lib/ld*\
-rwxr-xr-x    1 root     root       457261 Aug  8  2002 /lib/ld-2.2.4.so\
lrwxrwxrwx    1 root     root           11 Oct 23  2002 /lib/ld-linux.so.2 -> ld-2.2.4.so\
# ldd ./test\
        libc.so.6 => /lib/libc.so.6 (0x40025000)\
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)\
# readelf -a /lib/libc.so.6|grep dl_lookup_symbol \
  001315c4  62f07 R_386_JUMP_SLOT       00000000  _dl_lookup_symbol_skip   \
  0013169c  70507 R_386_JUMP_SLOT       00000000  _dl_lookup_symbol        \
  1583: 00000000   634 FUNC    GLOBAL DEFAULT  UND _dl_lookup_symbol_skip@GLIBC_2.0 (13)\
  1797: 00000000  1347 FUNC    GLOBAL DEFAULT  UND _dl_lookup_symbol@GLIBC_2.0 (13)\
  4831: 00000000   634 FUNC    GLOBAL DEFAULT  UND _dl_lookup_symbol_skip@@GLIBC_2.0\
# readelf -a /lib/ld-2.2.4.so |grep dl_look_symbol\
  00015a3c  03c07 R_386_JUMP_SLOT       00008254  _dl_lookup_symbol        \
    48: 00008798   634 FUNC    GLOBAL DEFAULT   10 _dl_lookup_symbol_skip@@GLIBC_2.0\
    60: 00008254  1347 FUNC    GLOBAL DEFAULT   10 _dl_lookup_symbol@@GLIBC_2.0\
   323: 00008798   634 FUNC    GLOBAL DEFAULT   10 _dl_lookup_symbol_skip\
# readelf -a /lib/ld-2.2.4.so |grep _dl_lookup_versioned_symbol \
    29: 000092dc   782 FUNC    GLOBAL DEFAULT   10 _dl_lookup_versioned_symbol_skip@@GLIBC_2.0\
    51: 00008a14  2247 FUNC    GLOBAL DEFAULT   10 _dl_lookup_versioned_symbol@@GLIBC_2.0\
   304: 000092dc   782 FUNC    GLOBAL DEFAULT   10 _dl_lookup_versioned_symbol_skip\
   326: 00008a14  2247 FUNC    GLOBAL DEFAULT   10 _dl_lookup_versioned_symbol\
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 readelf -a /lib/ld-2.2.4.so 
\f1 \'d1\'a1\'c8\'a1\'c6\'e4\'d6\'d0\'b5\'c4\'d2\'bb\'b8\'f6\'cc\'d8\'b1\'f0\'b5\'c4\'b7\'fb\'ba\'c5\'c3\'fb\'d7\'d6
\f0  _dl_init_all_dirs
\f1 \'a3\'ac\'bd\'f8\'d0\'d0\'b2\'e9\'d5\'d2\'b2\'e2\'ca\'d4\'a3\'ba
\f2 \

\f0 # grep -r -s _dl_init_all_dirs /lib\
Binary file /lib/ld-linux.so.2 matches\
Binary file /lib/libc.so.6 matches\
Binary file /lib/ld-2.2.4.so matches\
Binary file /lib/libc-2.2.4.so matches\
 \
# grep -r -s _dl_init_all_dirs /usr/lib\
Binary file /usr/lib/libc.a matches\
Binary file /usr/lib/libc_p.a matches\
\
# readelf -a /lib/libc.so.6 |grep _dl_init_all_dirs\
  00131a80  59a06 R_386_GLOB_DAT        00000000  _dl_init_all_dirs        \
  1434: 00000000     4 OBJECT  GLOBAL DEFAULT  UND _dl_init_all_dirs@GLIBC_2.2 (14)\
# readelf -a /lib/ld-2.2.4.so |grep _dl_init_all_dirs\
  00015b48  05d06 R_386_GLOB_DAT        00016010  _dl_init_all_dirs        \
    93: 00016010     4 OBJECT  GLOBAL DEFAULT   16 _dl_init_all_dirs@@GLIBC_2.2\
   368: 00016010     4 OBJECT  GLOBAL DEFAULT   16 _dl_init_all_dirs\
\pard\pardeftab720\ri0\partightenfactor0

\f2 \cf0 \
\pard\pardeftab720\ri0\partightenfactor0

\f0 \cf0 # ls -l /lib/ld*\
-rwxr-xr-x    1 root     root       457261 Aug  8  2002 /lib/ld-2.2.4.so\
lrwxrwxrwx    1 root     root           11 Oct 23  2002 /lib/ld-linux.so.2 -> ld-2.2.4.so\
# ldd /lib/libc.so.6\
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)\
# ldd /lib/ld-2.2.4.so\
        statically linked     # 
\f1 \'b6\'af\'cc\'ac\'c1\'ac\'bd\'d3\'c6\'f7\'ca\'c7\'be\'b2\'cc\'ac\'c1\'ac\'bd\'d3\'b5\'c4\'a3\'ac\'ce\'de\'d0\'e8\'d2\'c0\'c0\'b5\'c6\'e4\'cb\'fb\'c8\'ce\'ba\'ce\'bf\'e2\'ce\'c4\'bc\'fe\'a1\'a3
\f2 \

\f0 # cp /lib/ld-2.2.4.so /tmp\
# gdb -q /tmp/ld-2.2.4.so\
# (gdb) disass _dl_lookup_symbol  # 
\f1 \'b4\'cb\'ba\'af\'ca\'fd
\f0  
\f1 \'ce\'bb\'d3\'da
\f0  /lib/ld-2.2.4.so
\f1 \'c0\'ef\'c3\'e6\'a3\'ac\'b4\'f3\'b8\'c5\'d3\'d0
\f0 2000
\f1 \'d0\'d0\'bb\'e3\'b1\'e0\'b4\'fa\'c2\'eb\'a1\'a3
\f2 \
\
\
\

\f1 \'b2\'ce\'bf\'bc\'d7\'ca\'c1\'cf\'a3\'ba
\f0  \
\
1.glibc 2.1.3 src \
2.<<elf
\f1 \'ce\'c4\'bc\'fe\'b8\'f1\'ca\'bd
\f0 >> \
3.<<Cheating the elf Subversive Dynamic Linking to Libraries>> write by the grugq \
4.Linux
\f1 \'b6\'af\'cc\'ac\'c1\'b4\'bd\'d3\'bc\'bc\'ca\'f5
\f0  \
http://www.linuxforum.net/forum/showflat.php?Cat=&Board=Kstudy&Number=102793&page=1&view=collapsed&sb=5&o=31&part= \
5.p58-0x04 by Nergal <nergal@owl.openwall.com> \
<< The advanced return-into-lib(c) exploits >> \
\
\
WSS(Whitecell Security Systems)
\f1 \'a3\'ac\'d2\'bb\'b8\'f6\'b7\'c7\'d3\'aa\'c0\'fb\'d0\'d4\'c3\'f1\'bc\'e4\'bc\'bc\'ca\'f5\'d7\'e9\'d6\'af\'a3\'ac\'d6\'c2\'c1\'a6\'d3\'da\'b8\'f7\'d6\'d6\'cf\'b5\'cd\'b3\'b0\'b2\'c8\'ab\'bc\'bc\'ca\'f5\'b5\'c4\'d1\'d0\'be\'bf\'a1\'a3\'bc\'e1\'b3\'d6\'b4\'ab\'cd\'b3\'b5\'c4
\f0 hacker
\f1 \'be\'ab\'c9\'f1\'a3\'ac\'d7\'b7\'c7\'f3\'bc\'bc\'ca\'f5\'b5\'c4\'be\'ab\'b4\'bf\'a1\'a3
\f0  \
WSS 
\f1 \'d6\'f7\'d2\'b3\'a3\'ba
\f0 http://www.whitecell.org/ \
WSS 
\f1 \'c2\'db\'cc\'b3\'a3\'ba
\f0 http://www.whitecell.org/forum/ \
\
\
\
}